Identity Cloud

SSL certificates

ForgeRock domains

Identity Cloud uses Google-managed SSL certificates to secure the and domains used by your tenant environments.

Custom domains

Google-managed SSL certificates (default)

If you use a custom domain to access Identity Cloud, by default a Google-managed SSL certificate is used to secure the domain. The domain is added to the certificate’s Subject Alternative Name (SAN) field.

Self-managed SSL certificates

Identity Cloud offers you the choice of using a self-managed SSL certificate with your custom domain, in place of the default Google-managed SSL certificate.

For information about how to set up your own certificate, refer to Configure a self-managed SSL certificate.

DV and EV certificates

Providing your own Domain Validation (DV) or Extended Validation (EV) SSL certificate can give your end users extra confidence that your applications are secure. Most browser vendors have now removed the visual signals in the browser address bar that distinguished these certificates (green padlock, highlighted company name, highlighted https protocol). However, the additional EV certificate information is still available when you click the padlock in the browser address bar and inspect the certificate:

Standard SSL certificate:

EV SSL certificate:

browser ssl padlock info

browser ssl certificate info

browser ssl padlock info ev

browser ssl certificate info ev

Wildcard certificates

Wildcard certificates allow subdomains of the same domain to share a certificate in the following ways:

  • Within the same realm

  • Across different realms

  • Within the same realm and across different realms

For example, a certificate for the wildcard domain "*" could be shared between an Alpha realm using the subdomain "" and a Bravo realm using the subdomain "".

Similarly, the same certificate could be shared between subdomains "" and "" within the same Alpha or Bravo realm.

Copyright © 2010-2023 ForgeRock, all rights reserved.