SSL certificates
ForgeRock domains
Identity Cloud uses Google-managed SSL certificates to secure the forgeblocks.com and forgerock.io domains used by your tenant environments.
Custom domains
Google-managed SSL certificates (default)
If you use a custom domain to access Identity Cloud, by default a Google-managed SSL certificate is used to secure the domain. The domain is added to the certificate’s Subject Alternative Name (SAN) field.
Self-managed SSL certificates
Identity Cloud offers you the choice of using a self-managed SSL certificate with your custom domain, in place of the default Google-managed SSL certificate.
For information about how to set up your own certificate, refer to Configure a self-managed SSL certificate.
DV and EV certificates
Providing your own Domain Validation (DV) or Extended Validation (EV) SSL certificate can give your end users extra confidence that your applications are secure. Most browser vendors have now removed the visual signals in the browser address bar that distinguished these certificates (green padlock, highlighted company name, highlighted https protocol). However, the additional EV certificate information is still available when you click the padlock in the browser address bar and inspect the certificate:
Standard SSL certificate: |
EV SSL certificate: |
|
|
Wildcard certificates
Wildcard certificates allow subdomains of the same domain to share a certificate in the following ways:
-
Within the same realm
-
Across different realms
-
Within the same realm and across different realms
For example, a certificate for the wildcard domain "*.example.com" could be shared between an Alpha realm using the subdomain "customers.example.com" and a Bravo realm using the subdomain "employees.example.com".
Similarly, the same certificate could be shared between subdomains "employees-emea.example.com" and "employees-apac.example.com" within the same Alpha or Bravo realm.