Manage Custom Domain Names in MyJFrog

MyJFrog Portal
Products
MyJFrog
Content Type
User Guide

Notice

Subscription Information 

This feature is supported on Cloud (SaaS) platform, with an Enterprise X or Enterprise+ license.

Important

  • By uploading an SSL certificate and associating it with a JPD, you confirm that you are the lawful owner or authorized representative of the domain.

  • If it is discovered or reported that a domain associated with your SSL certificate does not belong to you or that you lack the necessary rights, or if we have reasonable belief of the existence of any of the foregoing, we reserve the right to revoke or suspend, at our sole discretion, any association of yours with the applicable domain(s) without notice.

  • It is your responsibility to comply with applicable laws and regulations regarding domain ownership.

  • Contact our Support team for any concerns or questions.

The custom domain name feature allows you to provision, manage, deploy and renew a secure canonical name (CNAME) for your JPDs. For REST API documentation, see Custom Domain Name REST APIs. This means that you can allocate a custom URL to point to your JPDs. You can set up a custom domain name through MyJFrog: to learn which users can use this feature, see User Roles.CUSTOM DOMAIN NAME REST APIS

To get started, you will need to provide a valid SSL certificate, since JFrog requires an HTTPS protocol to serve traffic over your custom domain name. After adding the certificate, you will be able to select the relevant domains under the SSL certificate and point them to the selected JPDs.

Note

There is a limit of 30 SSL objects per subscription, meaning that each subscription can define up to 30 SSL certificates with up to 100 associated domains under each. If you have special cases or specific requests which exceed this limit, please reach out to our Support team for further assistance.

Before You Start

Verify that your SSL certificate matches the following prerequisites:

  • Verify that your SSL certificate is in a valid PEM format and that the private key is generated using either the RSA or ECDSA algorithm.

  • The certificate must have at least one of the following extended key usages (EKUs):

    • TLS Web Client Authentication

    • TLS Web Server Authentication.

  • The certificate is currently valid and must have at least 30 days left for expiration.

  • If your certificate is signed by an external authority (for example, GoDaddy), ensure to include the full certificate chain. This ensures proper validation of your SSL certificate.

  • Make sure the certificate body is associated with the public key (same public key on both).

  • Private keys meet the following requirements: 

    Encrypted (password-protected) private keys are not supported.

    RSA keys:

    • Minimum 2048 bits (recommended 3072+ for new keys)

    • Supported formats: RSA PKCS#1, PKCS#8

    ECDSA keys:

    • Minimum 256 bits (P-256 curve), maximum 521 bits (P-521 curve)

    • Supported formats: SEC#1 (EC PRIVATE KEY), PKCS#8

    • Supported curves: P-256 (secp256r1), P-384 (secp384r1), P-521 (secp521r1)

  • Domain names are assessed against the standards outlined in RFC1034, Section 3, and RFC1123, Section 2.1. Any domain names that do not adhere to these standards will be deemed invalid and therefore unusable.