Skip to main content

Self-managed certificate

When you choose a custom domain that uses a self-managed certificate, you have more control over your certificates, such as choosing a Certificate Authority (CA), the type of certificate, and renewal times.

However, self-managed certificates require preparation. You must handle the following aspects:

  • Obtaining and managing SSL/TLS certificates.
  • Configuring your server, proxy and security settings to ensure secure communication. This may include setting up and configuring a reverse proxy to route traffic to Signicat.
  • Handling certificate renewals and updates (Signicat notifies you when your certificate is about to expire).
  • Monitoring and addressing any SSL/TLS errors or performance issues related to your custom domain.
Our recommendation

We recommend that you set up your custom domain during the development phase, before you go to production.

How to set up a custom domain (self-managed certificate)

To add a custom domain using a self-managed certificate, you need to complete the following steps:

  1. Add your domain name in the Signicat Dashboard.
  2. Configure the CNAME record with your DNS provider, so that traffic targeting your custom domain is forwarded to our servers.
  3. Create a Certificate Signing Request (CSR) in the Signicat Dashboard.
  4. Purchase an SSL/TLS certificate with a certificate authority (CA), using the CSR that you created in the previous step.
  5. Upload the SSL/TLS certificate in the Signicat Dashboard that you purchased in the previous step.

To learn how to complete each step, see the corresponding sections below.

1. Add your domain name

You can add your domain name in the Signicat Dashboard. To do this:

  1. Go to Signicat Dashboard > Settings > Domains.
  2. In the top navigation bar, use the dropdown menu next to your organisation name to select the account that you want to make changes to.
  3. In the top-right corner of the screen, click the + Add domain button.
  4. In the Choose your domain type dialogue box, click the Custom domain button. This takes you to the Add custom domain page.
  5. In the Domain name field, enter your desired domain name. This must include both a root domain and a subdomain.
    Example: Domain name
    app.mycompany.com
  6. Under the Choose your certificate type section, select Use self-managed certificate.
  7. Click the Continue button. You are then taken to the overview page for your new domain.

2. DNS setup

Before you can use the domain, you must configure the CNAME record with your DNS provider and then validate the DNS changes. To do this:

  1. From the Domain overview page, see the DNS setup section.
    Where can I find this?

    To find the Domain overview page:

    1. Go to Signicat Dashboard > Settings > Domains.
    2. For the domain that you want to configure, click the three dots under the Actions column.
  2. Under Configure DNS (step 1 in DNS setup), you can see both CNAME records that you need to configure with your DNS provider. Use the copy button beside the CNAME record to copy the value.
  3. Go to your host domain provider's portal and paste the CNAME record in your domain's settings. You need to repeat this process so that both records are added.
  4. Under Validate DNS (step 2 in DNS setup), click the Validate DNS button to validate your domain.
    Note

    It can take some time for DNS updates to become available.

3. Certificate setup

Before you can purchase an SSL/TLS certificate, you need to generate a Certificate Signing Request (CSR) in the Signicat Dashboard. This contains relevant information about your business that the Certificate Authority (CA) needs to verify your business identity.

You then need to share this CSR file with the Certificate Authority (CA) when purchasing the certificate. Once received, you need to upload the certificate in the Signicat Dashboard. To do this:

  1. From the Domain overview page, see the Certificate setup section.
    Where can I find this?

    To find the Domain overview page:

    1. Go to Signicat Dashboard > Settings > Domains.
    2. For the domain that you want to configure, click the three dots under the Actions column.
  2. Under Create a Certificate Signing Request (CSR) (step 1 in Certificate setup), click the Generate CSR button to open the Generate CSR dialogue box.
  3. Fill in the fields in the form:
  4. To create and download the CSR, click the Create button, then click the Download now button.
    Example: CSR
    -----BEGIN CERTIFICATE REQUEST-----
    ...Base64-encoded string...
    -----END CERTIFICATE REQUEST-----
    Forgot to download the CSR?

    You can also download the CSR at any time from the Domain overview page. To do this:

    1. Go to Signicat Dashboard > Settings > Domains.
    2. For the domain that you want to configure, click the three dots under the Actions column.
    3. Under the Create a Certificate Signing Request (CSR) step in the Certificate setup section, click the Download CSR button beside the CSR that you want to download.
  5. Purchase a SSL/TLS certificate from a Certificate Authority (CA), using the CSR that you created in the previous step.
    Certificate types

    The type of certificate that you need to purchase depends on requirements of the product that you are integrating with; it can be any combination of the following certificate types:

    • Domain Validation (DV)
    • Organization Validation (OV)
    • Extended Validation (EV)
  6. Under Upload certificate (step 2 in Certificate setup), click the Upload certificate button.
  7. Locate the file in your file system, then click the Open button to upload it.
Need help?

If you require assistance or need to report an issue, you can contact us by creating a support ticket in the Signicat Dashboard.

On this page