link

# Establishing a Signicat subdomain

# Introduction

We offer Signicat subdomains, which allow you to run your complete integration with our ID portal on your own subdomain.

A subdomain is part of a domain, where a domain defines a realm of administrative autonomy or authority on the Internet. Similarly, the name of the subdomain must reflect the domain it belongs to. The domain name system has a tree structure or hierarchy, with each node on the tree being a domain name. By definition, a subdomain is a domain that is part of a larger domain.

A Signicat subdomain will be a part of your own company domain, even if it is physically located in Signicat's operational environment. If your company's domain name is yourdomain.com, the default name of the Signicat subdomain will be onboarding.yourdomain.com.

# Advantages

The advantage of having a Signicat subdomain, rather than our standard solution, is that the login and signature web pages will appear as belonging to your company. The end-user will have a coherent experience of being on the same website when logging in or signing documents and will not be sent to an external website during these processes.

In addition, since the user stays on the same domain during the whole process, the redirect will be perceived as less intrusive and give a more unified user experience.

A third important advantage of having your own subdomain is that there will be no need for the end-user's browser to accept third-party session cookies. Without the use of a subdomain, the browser must be set to accept third-party session cookies, as our authentication service will be accessed through an iframe.

# The process

The following is the recipe for establishing a new subdomain. The same process will also be used if you have ordered more than one subdomain. This will create a new customer subdomain with certificates handled by Certbot (opens new window) for automatic issuing and renewal.

To start the process, you will have to make some changes to your DNS (both external and internal if they are not in sync).

# 1. Add the subdomain you want to use as a CNAME record

Add the subdomain you want to use as a CNAME record pointing towards our ACME hostname for the appropriate environment.

We recommend a descriptive name for the subdomain, such as onboarding.yourdomain.com, secure.yourdomain.com or <ID>.yourdomain.com, for example idin.yourdomain.com or nbid.yourdomain.com.

Available environments are as follows:

Environment name Environment URL
Preprod1 acme.preprod.signicat.cloud
Preprod2 acme.eu01.preprod.signicat.cloud
Production1 acme.signature.signicat.cloud
Production2 acme.eu01.signicat.cloud

# 2. Add a CAA record to your DNS optional

If you want to limit issuing of certificates to a specific certificate authority (CA), you can add a CAA (opens new window) (Certificate Authority Authorization) record to your DNS, such as letsencrypt (opens new window) or buypass.com (opens new window). CAA is an open standard specified in RFC 6844 (opens new window).

Example:

click-to-zoom

Setting the expiry date, or Time to Live (TTL) for new records

Generally, we recommend setting a TTL of 24 hours (86,400 seconds).

However, if you are planning to make DNS changes, we recommend lowering the TTL to 5 minutes (300 seconds) at least 24 hours in advance of making the changes. After the changes are made, increase the TTL back to 24 hours.


The rest of the process is handled from our side. Simply contact us at support@signicat.com and provide us with the subdomain you want to use, as well as the CAA and CNAME you configured in your DNS, and we will take it from there.

Last updated: 20/09/2023 12:20 UTC