LogoLogo
LogoLogo
  • Welcome
  • Details
  • Editions
  • Use Cases
  • SCEPMAN Deployment
    • Getting Started
      • Standard Guide
      • Extended Guide
    • Permissions
      • Azure App Registration
      • Managed Identities
    • Deployment Options
      • Marketplace deployment
      • Enterprise deployment
      • Terraform deployment
    • Root CA
    • Intermediate CA
  • Certificate Management
    • Revocation
    • Microsoft Intune
      • Windows
        • Certificate Based Authentication for RDP
      • macOS
      • Android
      • iOS/iPadOS
      • Linux
    • Jamf Pro
      • General Configuration
      • Computers
      • Devices
      • Users
    • Other MDM Solutions
      • Google Workspace
        • ChromeOS
      • Kandji
      • Mosyle
      • SOTI MobiControl
    • Certificate Master
      • Manage Certificates
      • Certificate Signing Request (CSR)
      • TLS Server Certificate
      • Sub CA Certificate
      • Code Signing Certificate
      • Client Certificate
      • User Certificate
    • Domain Controller Certificates
    • Enrollment REST API
      • Self Service Enrollment
        • Intune Managed Linux Client
        • Unmanaged Linux Client
      • API Enrollment
        • Linux Server
        • Windows Server
      • SCEPmanClient
  • Azure Configuration
    • Application Insights
    • App Service Sizing
      • Autoscaling
    • Custom Domain
    • Geo-Redundancy
    • Health Check
      • Using 3rd Party Monitoring
    • Log Management
    • Moving Resources
    • Private Endpoints
    • Split-Tenancy
  • Update Strategy
  • SCEPman Configuration
    • SCEPman Settings
      • Basics
      • Certificates
      • Certificate Master
      • CRL
      • Dependencies (Azure Services)
        • Azure KeyVault
        • Logging
        • Microsoft Entra ID (Azure AD)
        • National Cloud Platforms
      • Enrollment REST API
      • OCSP
      • SCEP Endpoints
        • DC Validation
        • Intune Validation
        • Jamf Validation
        • Static Validation
        • Static-AAD Validation
    • Certificate Master Settings
      • Basics
      • Microsoft Entra ID (Azure AD)
      • Logging
      • National Cloud Platforms
    • Application Artifacts
    • Certificate Master RBAC
    • Device Directories
    • Intune Strong Mapping
  • Other
    • Security & Privacy
    • Support
    • Licensing
      • Azure Marketplace
    • FAQs
      • General
      • Certificate Connector
      • Network Access Controllers
      • Renewing SCEPman Root CA
    • Troubleshooting
      • Common Problems
      • Certifried Security Vulnerability
      • Cisco ISE Host Header Limitation
      • Intune service discovery API permissions
      • Re-enrollment trigger
  • Uninstallation
  • Change Log
  • Links
  • SCEPman Website
Powered by GitBook
On this page

Was this helpful?

  1. Azure Configuration

Custom Domain

Last updated 1 month ago

Was this helpful?

Custom Domain Configuration

If you want to create your own custom domain for your SCEPman App Service URL, there are two options depending on your domain provider:

The first option is to go with Azure Domain (existing one or creating a new one)

  • Domain provider: in this case App Service Domain

  • TLS/SSL certificate: select App Service Managed Certificate if you want to create and bind the certificate to your custom domain automatically, this certificate is managed by Azure and will be automatically renewed at no cost

  • TLS/SSL type: SNI SSL Binding is free of cost and supported by most modern browsers

  • App Service Domain: Choose an existing Azure Domain or create a new one

  • Domain type: in the example below we choose a Subdomain

By clicking on add, the custom domain and the SSL Managed Certificate will be created and bound automatically

The second option is to go with your non-Azure domain and add the validation records to your domain provider

  • Domain provider: All other domain services

It is not recommended to set a custom domain to Certificate Master. If you still want to set it up, make sure to also do:

  • in SCEPman App Service Configuration, update AppConfig:CertMaster:URL to the new Certificate Master URL

  • add the new sign-in URL to the Certificate Master app registration "SCEPman-CertMaster".

Microsoft Documentation and Managed Certificates

After configuring the custom domain, make sure to update SCEPman App Service Setting to the new URL, save and restart the App Service

Add a custom domain to an App Service:

Add and manage TLS/SSL certificates in App Service:

Create a free certificate:

https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate
https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#create-a-free-certificate-preview
AppConfig:BaseUrl