How can we use SSL and our own domain name in the URL to our site?
SSL, Custom Domain, Enablement
Oracle B2C Service (OSvC)
If you want to change the domain name in the URL for your site to a custom domain, an SSL certificate is required which is obtained by you from a Certificate Authority outside of Oracle but that is recognized by Oracle. Your first step is to purchase an entitlement for Custom Domain SSL Application Hosting from Oracle. This will give you the ability to use Oracle's self-service tools (Configuration Assistant) to generate CSR to provide to your certificate authority. You will need to pay a fee to the certificate authority. Once you have the certificate you would implement the new SSL certificate/s through Configuration Assistant (self service tool). You should work with your IT staff to get the correct certificates.
A description of the most common certificate types used for Oracle B2C Service can be found at the following answer:
When your site is first provisioned with Oracle B2C Service, your interfaces are added to our *.custhelp.com wildcard certificate and are provided with SSL coverage. The need for custom domain SSL comes in when you are interested in re-branding your website's domain with a custom name of your choosing. This will require that you come off our *.custhelp.com certificate and provide us with your own, which we then host in our server environment.
The following answer has a full walkthrough of this process using our self-service tools in Configuration Assistant, which you must use if your account has been 'cloudified':
The certificate process in self-service will begin with generating a CSR, or Certificate Signing Request, for the new custom domain. This is effectively an order form for the certificate, and the contents of the CSR will be output into a hash format. The CSR you use to purchase your certificate must come from our tools in self-service, otherwise the certificate will not be compatible in our environment, and attempting to upload the certificate through self-service will cause a failure.
This installation process will include a change to the vhosts for the interface(s) you are updating. Every interface must have at least one primary vhost, but can have multiple alternate vhosts. Alternate vhosts always redirect to the primary vhost, and that is their only function.
When you first have your site provisioned, you will notice that an interface's primary vhost matches the example format 'companynamehelp.custhelp.com'. When your custom certificate is installed, the new custom domain you have chosen will become the primary vhost, and the original custhelp.com address will become an alternate that redirects to the new primary address.
This vhost change requires some brief downtime while the new DNS information propagates throughout the web. This is generally brief, and lasts up to about 30 minutes. Nevertheless, you may wish to schedule the installation for a lower-impact time as a result.
The new vhost is associated to your original interface address by the use of CNAME records in DNS. This is a record type that defines the new custom address as an alias for the original custhelp.com address. A real-world example of this can be seen with our support pages:
flags QR RD RA
cx.rightnow.com. IN CNAME
cx.rightnow.com. 14 IN CNAME rightnow.custhelp.com.
These will need to be added by your local DNS administrators. The CNAME must be in place prior to making any vhost changes. If they are not in place and the vhost records are changed, you would face a significant site down scenario. For this reason, our self-service system performs a CNAME check and will prevent changes if no record is present, and will lock the user out from further changes.
If you need to renew an existing certificate, most of the steps will be the same as shown above in the Configuration Assistant walkthrough, however you are able to use an already existing CSR from previous years as long as your company data has not changed.
The most common causes of issues in self-service are attempting to use a CSR that was not generated from our self-service tools, not having the CNAME in place before making vhost changes, or not purchasing a certificate from a major, reputable Certificate Authority.
Please Note: If you require a www. version of your new domain to be covered with SSL on the certificate, the CSR and resulting certificate must explicitly define a Subject Alternative Name with the 'www.' version of the address. This is because the leading 'www.' is not assumed on the Internet, and must be clearly specified on a certificate in order to provide SSL coverage.
If you encounter issues uploading your certificate, please create a service request and choose 'SSL' as the product in question.
Lastly, Oracle B2C Service Technical Support recommends that you purchase your cert from DigiCert. DigiCert is the authority that has been the most thoroughly tested with our services, and your end-users and agent devices should already have native support, with all required roots installed with no additional input needed.
It is also critical to note any integrations you have that may be dependent on a vhost name and its associated IP address. It is important that all integrations be examined for hard-coded values, and the Oracle B2C Service department should be alerted to these dependencies as part of the vhost change request process.
Note: Oracle charges per IP for custom SSL. If you purchase either a wildcard or a SAN certificate, then all interfaces can use the same certificate and the same IP address. If for some reason you choose separate certificates for each interface, then each interface would require us to assign an IP address and we would need to charge for each IP used. In general, it is in the customer's best interest to cover as many domains as possible, on as few certificates as possible.
Changing the vhost of an interface will result in the change of multiple application components and deployment files for the Oracle B2C Service admin console.
Please be aware that any instances of your site/interface that were installed previous to a vhost change will require a reinstall using the new launch URL.