Custom Domain
Custom Domain Configuration
Before you add a custom domain for your SCEPman App Service URL, decide whether you need it as a requirement for activating the Active Directory Endpoint or only for other reasons.
Considerations for an Active Directory Endpoint
If you want to use your custom domain for the Active Directory endpoint, you need to create an A record, because Kerberos requires this. In this case, you must choose "All other domain services", even if you have an App Service Domain. Depending on your other selections, the UI might force you to select CNAME as the record type. We have successfully tested that you can still configure the DNS entry as an A record and found no problems with this configuration. Otherwise, change your settings so that an A record is allowed, for example by using an apex domain or a certificate other than the App Service Managed Certificate. To create the A record, you need the inbound IP address of your App Service, which is displayed in the Networking entry of the App Service.

Adding the Custom Domain
If you are using Azure Domain Services, select "App Service Domain" to benefit from its native integration with App Services.
If you are not using Azure Domain Services, choose "All other domain services" and add the required validation records with your domain provider:
For "Domain validation" please note:
Check for possible CAA records on the root domain (they specify which Certificate Authorities (CAs) are authorized to issue certificates) - see certificate requirements
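
The following Python check is an added example, not part of SCEPman or its documentation. It takes DNS records you have already looked up and reports the two problems described above: a hostname that is not an A record pointing at the App Service inbound IP, and CAA records that do not authorize the issuing CA. It generalizes the root-domain check to the closest ancestor that has CAA records (RFC 8659); the record layout, hostnames, IP address and CA domain are constructed assumptions.

```python
# Added example: offline pre-flight check over DNS records you have already
# looked up (for instance with dig or Resolve-DnsName). All data is constructed.

def closest_caa_set(hostname, records):
    """Climb from hostname toward the root; return the first CAA set found."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):          # stop before the bare TLD
        owner = ".".join(labels[i:])
        caa = [r for r in records if r["type"] == "CAA" and r["name"] == owner]
        if caa:
            return owner, caa
    return None, []


def preflight(hostname, inbound_ip, ca_domain, records):
    """Return a list of findings; an empty list means the checks passed."""
    host = hostname.rstrip(".").lower()
    own = [r for r in records if r["name"] == host]
    findings = []
    if any(r["type"] == "CNAME" for r in own):
        findings.append(f"{host} is a CNAME; the Active Directory endpoint needs an A record")
    a_values = [r["value"] for r in own if r["type"] == "A"]
    if not a_values:
        findings.append(f"{host} has no A record")
    elif inbound_ip not in a_values:
        findings.append(f"{host} resolves to {a_values}, not the inbound IP {inbound_ip}")
    owner, caa = closest_caa_set(host, records)
    # Only "issue" properties restrict non-wildcard issuance; 'issue ";"' forbids all CAs.
    issuers = [r["value"].split(";")[0].strip().lower() for r in caa if r["tag"] == "issue"]
    if issuers and ca_domain.lower() not in issuers:
        findings.append(f"CAA at {owner} does not authorize {ca_domain}")
    return findings


# Constructed sample data (documentation names and addresses, hypothetical CA domains).
GOOD = [
    {"name": "scepman.example.com", "type": "A", "value": "203.0.113.10"},
    {"name": "example.com", "type": "CAA", "tag": "issue", "value": "ca.example"},
]
BAD = [
    {"name": "scepman.example.com", "type": "CNAME", "value": "app.azurewebsites.net"},
    {"name": "example.com", "type": "CAA", "tag": "issue", "value": "other-ca.example"},
]

if __name__ == "__main__":
    for label, recs in (("good", GOOD), ("bad", BAD)):
        print(label, preflight("scepman.example.com", "203.0.113.10", "ca.example", recs))
```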

Configure the BaseUrl of SCEPman
When you add the custom domain to enable the Active Directory Endpoint, you can change the setting AppConfig:ActiveDirectory:BaseUrl as an alternative to updating the BaseUrl configuration as described below. This affects only the Active Directory endpoints, not things like your AIA.
After configuring the custom domain, make sure to update the SCEPman App Service setting AppConfig:BaseUrl to the new URL, then save and restart the App Service.

Setting a custom domain for Certificate Master is not recommended. If you still want to set it up, make sure to also do the following:
in the SCEPman App Service Configuration, update AppConfig:CertMaster:URL to the new Certificate Master URL
add the new sign-in URL to the Certificate Master app registration "SCEPman-CertMaster".
Microsoft Documentation and Managed Certificates
Add a custom domain to an App Service: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain
Add and manage TLS/SSL certificates in App Service: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate