Manage Custom Domain Names in MyJFrog

JFrog Hosting Models Documentation

Content Type
User Guide


Subscription Information 

This feature is supported on Cloud (SaaS) platform, with an Enterprise X or Enterprise+ license.


  • By uploading an SSL certificate and associating it with a JPD, you confirm that you are the lawful owner or authorized representative of the domain.

  • If it is discovered or reported that a domain associated with your SSL certificate does not belong to you or that you lack the necessary rights, or if we have reasonable belief of the existence of any of the foregoing, we reserve the right to revoke or suspend, at our sole discretion, any association of yours with the applicable domain(s) without notice.

  • It is your responsibility to comply with applicable laws and regulations regarding domain ownership.

  • Contact our Support team for any concerns or questions.

The custom domain name feature allows you to provision, manage, deploy and renew a secure canonical name (CNAME) for your JPDs. For REST API documentation, see Custom Domain Name REST APIs. This means that you can allocate a custom URL to point to your JPDs. You can set up a custom domain name through MyJFrog: to learn which users can use this feature, see User Roles.CUSTOM DOMAIN NAME REST APIS

To get started, you will need to provide a valid SSL certificate, since JFrog requires an HTTPS protocol to serve traffic over your custom domain name. After adding the certificate, you will be able to select the relevant domains under the SSL certificate and point them to the selected JPDs.


There is a limit of 30 SSL objects per subscription, meaning that each subscription can define up to 30 SSL certificates with up to 30 defined domains under each. If you have special cases or specific requests which exceed this limit, please reach out to our Support team for further assistance.

Before You Start

Verify that your SSL certificate matches the following prerequisites:

  • Verify that your SSL certificate is in a valid PEM format and that the private key is generated using the RSA algorithm.

    • Your private key must be in the RSA format (RSA PKCS#1).

      Convert the key to RSA using the following OpenSSL command.

      -traditional may be omitted depending on the OpenSSL client

      openssl rsa -in private.key -out private_rsa.key -traditional

      Run the following command to convert to RSA PKCS#1.

      openssl pkey -in private.key -traditional
  • The certificate must have the following extended key usages (EKUs): TLS Web Client Authentication and TLS Web Server Authentication.

  • The certificate is currently valid and expires in more than 30 days.

  • Make sure the certificate body is associated with the public key (same public key on both).

  • Domain names are assessed against the standards outlined in RFC1034, Section 3, and RFC1123, Section 2.1. Any domain names that do not adhere to these standards will be deemed invalid and therefore unusable.

The following sections provide more information.