In order to setup a custom CNAME to work with JFrog cloud domain, please provide the following in order to complete the setup:
1. An encrypted SSL certificate delivered as follows:
a) Available subdomain
b) Second-level subdomain wildcard SSL certificate, ie.
c) Private .key file (.pem format)
d) Public .crt file (.pem format)
e) The Extension to a cert file, ie. bundle/chain. should be appended to the Public .crt file.
f) Re-arrange the files as follows:
> ***DOMAIN***_cert <DIRECTORY>
> > ***DOMAIN***.crt <FILE>
> > ***DOMAIN***.key <FILE>
Certificate verification test:
- Matchment check: ensure the md5 is identical in both .key and .crt files, by running the following two commands:
openssl rsa -noout -modulus -in <file.key> | openssl md5
openssl x509 -noout -modulus -in <file.crt> | openssl md5
- Expiration check: ensure the certificate is valid, by running the following command:
openssl x509 -noout -dates -in <file.crt>
- CNAME check: ensure the certificate is Second-level subdomain wildcard SSL certificate,
openssl x509 -text -noout -in <file.crt> | grep Subject
When you need to provide JFrog with sensitive data, such as SSL certificates and keys for example, you will need to sign your content with JFrog GPG Key.
Updating your DNS records:
Once your SSL certificate is installed by us, we’ll provide you with a DNS CNAME record that you’ll need to add to your records.
* Do not change your automation scripts before you have confirmation from the JFrog team and have checked that your requests are sent to your Artifactory Cloud.
Working with the new custom address:
Each Docker repository in your Artifactory cloud instance can be accessed
using the following DNS record:
Therefore, is to add a wildcard entry in your DNS record, such as:
e.g. *.jfrog.mycompanyname.com, for any <docker-repo-name>.jfrog.mycompanyname.com