1. CNAME records and subdomain delegation

Configure using Sitecore certificates

This topic shows you how to use certificates from Sitecore to set up a domain delegation strategy, either by CNAME records or subdomain delegation. Alternatively, you can use your own certificates to set up a domain delegation strategy.

This simple and straightforward strategy ensures quick deployment. However, there is less flexibility in certificate management as you won't be able to change the configurations and security standards predetermined by Search.

Before you begin

Ensure that your domain's nickname follows standard DNS (Domain Name System) naming protocols. For example, the nickname mustn't have an underscore (_) or a period (.). To view your domain's nickname, go to Administration > General Settings > Domain Information > DOMAIN NICKNAME.

If you find that your domain's nickname has non-standard characters, contact a Sitecore Search representative to have it changed.

This is important because during domain delegation Search uses SSL certificates whose name contains domain nicknames. SSL certificates cannot have non-standard characters. If they do, they become invalid.

Caution

Use caution when modifying any settings in Administration > Domain Settings > Subdomain Setup. Your websites and applications that are in production can be impacted.

To configure domain delegation using Sitecore certificates:

  1. On the menu bar, click Administration > Domain Settings > Subdomain Setup.

  2. To select a domain delegation strategy, click an option next to Subdomain Strategy.

    If you want to use CNAME records, click CNAME. If you want to use a subdomain delegation, click Delegation.

  3. To specify that you want to use the SSL certificates created by Sitecore, next to Certificate Creation, click Sitecore Created.

  4. To confirm your selection click Run Setup.

    The setup process can take up to ten minutes. If it's successful, you'll see a Setup Successful message and:

    • If you chose the CNAME record strategy, you'll see CNAME records.

    • If you chose the subdomain delegation strategy, you'll see nameserver (NS) details.

    Note

    Running the setup process again after completion does not create new CNAME values.

    Note

    If the setup times out, retry the operation. If the timeout persists, contact Sitecore Support and provide the Search domain ID, the approximate timestamp of the attempt, the selected subdomain setup method, and a screenshot of the timeout message.

  5. To copy the CNAME records or NS details, next to CNAME Details or Nameserver Details, click Copy .

  6. Go to your DNS provider's administration console, add the CNAME records or NS details, and save your changes.

    This might take anything from a few hours to a day to complete.

  7. Verify that your CNAME record or NS details have been added to your DNS provider. To do this, you have two options:

    • Use https://dnschecker.org for CNAME records or subdomain delegation.

    • Use the host command in your local terminal.

      For CNAME records, use:

      $ host -t CNAME <yournickname>.rfk.<yourdomain>.com

      For subdomain delegation, use:

      $ host -t NS <yournickname>.rfk.<yourdomain>.com

      Here's a sample command to find NS records for the riggs.rfk.riggsandporter.com subdomain, followed by the results of that command:

      $ host -t NS riggs.rfk.riggsandporter.com
riggs.rfk.riggsandporter.com name server ns-1262.awsdns-29.org.
riggs.rfk.riggsandporter.com name server ns-1868.awsdns-41.co.uk.
riggs.rfk.riggsandporter.com server ns-450.awsdns-56.com.
riggs.rfk.riggsandporter.com server ns-709.awsdns-24.net.

  8. To verify that Search considers your CNAME items as added, go to Administration > Domain Settings > Subdomain Setup, and verify that you see green checkmarks next to the CNAME records or NS details.

    Important

    If you see red crosses next to the CNAME record or NS details, your items haven't yet been added yet or were added incorrectly. You'll need to troubleshoot this with your DNS provider before you continue.

  9. To complete domain delegation setup, click Run Completion.

    The setup process can take up to ten minutes.

    Note

    If the setup process is successful, you'll see a Setup Complete. Please see Domain Status tab for more details message. Now, you can retrieve the hosts and paths you need to access various Search services.

    Important

    If the setup process is unsuccessful, you'll see an error message similar to Failed to configure SSL certificate, please make sure the CNAME records have been added to your DNS configuration.

    If this occurs:

    • Verify that the CNAME records or nameserver (NS) details have been correctly added to your DNS provider.

    • Verify that the SSL certificate is valid for the generated Search subdomain.

    • Ensure that the certificate chain includes all required intermediate certificates.

    If you're unable to solve the issue with your DNS provider, contact Sitecore Search support and include your domain ID, the approximate time of the attempt, the certificate type, and a screenshot of the error.

If you have suggestions for improving this article, let us know!