Custom Domain

Custom Domain Configuration

If you want to create your own custom domain for your SCEPman App Service URL, you have to decide whether you want to add it because it is a requirement to activate the Active Directory Endpoint or only for other reasons.

Considerations for an Active Directory Endpoint

If you want your custom domain for the Active Directory endpoint, you need to create an A record, because Kerberos requires this. In this case, you must choose "All other domain services", even if you have an App Service Domain. The UI might force you to select CNAME as record type depending on your other selections. We have successfully tested that you can still configure the DNS entry as an A record and found no problems with this configuration. Otherwise change your settings, such that an A record is allowed like using an apex domain or using a certificate other than the App Service Managed Certificate. In this case, you need to find out the inbound IP address of your App Service, which is displayed in the Networking entry of the App Service.

Adding the Custom Domain

This description assumes you do not use Azure Domain Services. If you do, you select App Service Domain to profit from the integration of App Services and Azure Domain Services. Otherwise, select All other domain services and add the validation records to your domain provider.

  • Domain provider: All other domain services

Configure the BaseUrl of SCEPman

When you add the Custom Domain to enable the Active Directory Endpoint, as an alternative to updating the BaseUrl configuration as described below, you can also change the setting AppConfig:ActiveDirectory:BaseUrl. This won't affect things like your AIA, but only the Active Directory endpoints.

After configuring the custom domain, make sure to update SCEPman App Service Setting AppConfig:BaseUrl to the new URL, save and restart the App Service.

It is not recommended to set a custom domain to Certificate Master. If you still want to set it up, make sure to also do:

  • in SCEPman App Service Configuration, update AppConfig:CertMaster:URL to the new Certificate Master URL

  • add the new sign-in URL to the Certificate Master app registration "SCEPman-CertMaster".

Microsoft Documentation and Managed Certificates

Add a custom domain to an App Service: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain

Add and manage TLS/SSL certificates in App Service: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate

Create a free certificate: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#create-a-free-certificate-preview

Last updated

Was this helpful?