Configure using your own certificates

This topic shows you how to use your own certificates to set up a domain delegation strategy, either by CNAME records or subdomain delegation. Search gives you a Certificate Signing Request (CSR) you can use to generate certificates.

This strategy usually requires more technical knowledge for setup and on-going management, and might increase the complexity of your deployment process. However, it also gives you flexibility and control over the certificate's source, type, and security features, which might be useful for an organization with specific security requirements.

Before you begin

Ensure that your domain's nickname follows standard DNS (Domain Name System) naming protocols. For example, the nickname must not have an underscore (_) or a period (.). To view your domain's nickname, go to Administration > General Settings > Domain Information > DOMAIN NICKNAME.

If you find that your domain's nickname has non-standard characters, contact a Sitecore Search representative to have it changed.

This is important because during domain delegation Search uses SSL certificates whose name contains domain nicknames. SSL certificates cannot have non-standard characters. If they do, they become invalid.

Caution

Use caution when modifying any settings in Administration > Domain Settings > Subdomain Setup. Your websites and applications that are in production can be impacted.

To configure domain delegation using your own certificates:

  1. On the menu bar, click Administration > Domain Settings > Subdomain Setup.

  2. To select a domain delegation strategy, click an option next to Subdomain Strategy.

    If you want to use CNAME records, click CNAME. If you want to use a subdomain delegation, click Delegation.

  3. To specify that you want to create your own SSL certificates, next to Certificate Creation, click Customer Created.

  4. To confirm your selection click Run Setup.

    The setup process can take up to ten minutes. If it's successful, you'll see a Setup Successful message and:

    • If you chose the CNAME record strategy, you'll see CNAME records and a Certificate Signing Request (CSR).

    • If you chose the subdomain delegation strategy, you'll see nameserver (NS) details a Certificate Signing Request (CSR).

  5. Copy or download the CSR.

    Then, send the CSR to a commercial certificate authority (CA) to request a certificate. This procedure varies depending on who your CA is.

  6. To create a certification, send the CSR to a commercial certificate authority (CA). This procedure varies depending on who your CA is.

    You'll get a certificate and a certificate chain from your CA.

  7. To link your certificate with Search, go to Administration > Domain Settings > Subdomain Setup and paste the following details:

    • In the SSL CERTIFICATE field, paste your certificate.

    • In the CERTIFICATE CHAIN field, paste your certificate chain.

  8. To copy the CNAME records or NS details, next to CNAME Details or Nameserver Details, click copy .

  9. Go to your DNS provider's administration console, add the CNAME records or NS details, and save your changes.

    This might take anything from a few hours to a day to complete.

  10. Verify that your CNAME record or NS details have been added to your DNS provider. To do this, you have two options:

    • Use https://dnschecker.org for CNAME records or subdomain delegation.

    • Use the host command in your local terminal.

      For CNAME records, use:

      RequestResponse
      $ host -t CNAME <yournickname>.rfk.<yourdomain>.com

      For subdomain delegation, use:

      RequestResponse
      $ host -t NS <yournickname>.rfk.<yourdomain>.com

      Here's a sample command to find NS records for the riggs.rfk.riggsandporter.com subdomain, followed by the results of that command:

      RequestResponse
      $ host -t NS riggs.rfk.riggsandporter.com
riggs.rfk.riggsandporter.com name server ns-1262.awsdns-29.org.
riggs.rfk.riggsandporter.com name server ns-1868.awsdns-41.co.uk.
riggs.rfk.riggsandporter.com server ns-450.awsdns-56.com.
riggs.rfk.riggsandporter.com server ns-709.awsdns-24.net.

  11. To verify that Search considers your CNAME items as added, go to Administration > Domain Settings > Subdomain Setup, and verify that you see green checkmarks next to the CNAME records or NS details.

    Important

    If you see red X next to the CNAME record or NS details, your items haven't yet been added yet or were added incorrectly. You'll need to troubleshoot this with your DNS provider before you continue.

  12. To complete domain delegation setup, click Run Completion.

    The setup process can take up to ten minutes.

    Note

    If the setup process is successful, you'll see a Setup Complete. Please see Domain Status tab for more details message. Now, you can retrieve the hosts and paths you need to access various Search services.

    Important

    If the setup process is unsuccessful, you'll see an error message similar to Failed to configure SSL certificate, please make sure the CNAME records have been added to your DNS configuration. If you're unable to solve the issue with your DNS provider, contact Sitecore Search support.

Do you have some feedback for us?

If you have suggestions for improving this article,