Custom domain name with Adobe CDN

Learn how to implement a custom domain name for an AEM as a Cloud Service web site that uses the Adobe Content Delivery Network (CDN).

In this tutorial, the branding of the sample AEM WKND site is enhanced by adding an HTTPS-addressable custom domain name wknd.enablementadobe.com with Transport Layer Security (TLS).

The high-level steps are:

[Figure: Custom Domain Name with Adobe CDN]

Prerequisites

Transcript
The prerequisites for configuring a custom domain in AEMCS are straightforward. Before we dive in, ensure you either have the following tools and services or collaborate with your company’s security team to ensure a seamless setup. Tools like OpenSSL and dig installed on local machine. Access to certificate authority service like DigiCert to request the signed certificate for your site domain. Access to Adobe Cloud Manager to add SSL certificate and domain details. Access to DNS hosting services like Azure DNS or AWS Route 53 to add DNS records for your custom domain.

  • OpenSSL and dig are installed on your local machine.

  • Access to third-party services:

    • Certificate Authority (CA) - to request the signed certificate for your site domain, like DigiCert
    • Domain Name System (DNS) hosting service - to add DNS records for your custom domain, like Azure DNS, or AWS Route 53.
  • Access to Adobe Cloud Manager as Business Owner or Deployment Manager role.

  • Sample AEM WKND site is deployed to the AEM as a Cloud Service environment of production program type.

If you do not have access to third-party services, collaborate with your security or hosting team to complete the steps.

Generate SSL certificate

You have two options:

  1. Use the openssl command-line tool to generate a private key and a Certificate Signing Request (CSR) for your site domain. To request a signed certificate, submit the CSR to a Certificate Authority (CA).
  2. Your hosting team provides the required private key and signed certificate for your site.

Let’s review the steps for the first option.

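To generate a private key and a CSR, run the following command and provide the required information when prompted. The -nodes option writes the private key without a passphrase, so restrict access to the generated .key file: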

# Generate a private key and a CSR
$ openssl req -newkey rsa:2048 -keyout <YOUR-SITE-NAME>.key -out <YOUR-SITE-NAME>.csr -nodes

To request a signed certificate, provide the generated CSR to the CA by following the CA’s documentation. Once the CA signs the CSR, you receive the signed certificate file.

Review signed certificate

Review the signed certificate before adding it to Cloud Manager. Review the certificate details using the following command:

# Review the certificate details
$ openssl crl2pkcs7 -nocrl -certfile <YOUR-SIGNED-CERT>.crt | openssl pkcs7 -print_certs -noout

The signed certificate may contain the certificate chain, which includes the root and intermediate certificates along with the end-entity certificate.

Adobe Cloud Manager accepts the end-entity certificate and the certificate chain in separate form fields, so you must extract the end-entity certificate and the certificate chain from the signed certificate.

In this tutorial, the DigiCert signed certificate issued against the *.enablementadobe.com domain is used as an example. The end-entity certificate and the certificate chain are extracted by opening the signed certificate in a text editor and copying the content between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers.
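
The manual copy step can also be scripted and checked. The following is an added example, not part of Adobe's tutorial: it assumes the bundle lists the end-entity certificate first, uses the hypothetical function names split_bundle and key_matches_cert and the hypothetical output directory ./cloud-manager, and confirms that the private key belongs to the end-entity certificate before anything is pasted into Cloud Manager.

```shell
#!/bin/sh
# Added example (not Adobe's code). Assumes the CA bundle lists the end-entity
# certificate first, followed by the intermediate and root certificates.

# split_bundle BUNDLE OUTDIR
# Writes OUTDIR/certificate.pem (first PEM block) and OUTDIR/chain.pem (the rest)
# and prints the number of certificates found in BUNDLE.
split_bundle() {
    mkdir -p "$2" || return 1
    : > "$2/certificate.pem"; : > "$2/chain.pem"
    awk -v leaf="$2/certificate.pem" -v chain="$2/chain.pem" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside                        { print > (n == 1 ? leaf : chain) }
        /-----END CERTIFICATE-----/   { inside = 0 }
        END                           { print n + 0 }
    ' "$1"
}

# key_matches_cert KEY CERT
# True only if the public key derived from KEY equals the one inside CERT.
# An intermediate that ended up in certificate.pem fails this check.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh split-cert.sh <YOUR-SIGNED-CERT>.crt <YOUR-SITE-NAME>.key
if [ "$#" -eq 2 ]; then
    count=$(split_bundle "$1" ./cloud-manager) || exit 1
    echo "certificates in bundle: $count"
    if key_matches_cert "$2" ./cloud-manager/certificate.pem; then
        echo "private key matches certificate.pem"
    else
        echo "private key does not match certificate.pem" >&2
        exit 1
    fi
fi
```

A failed key match usually means the bundle is ordered differently than assumed or the key belongs to another CSR.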

Add SSL certificate in Cloud Manager

Transcript
Let’s proceed to Adobe Cloud Manager to add the SSL certificate to my AEM as a Cloud Service program. Navigate to the Environments tab and select SSL certificate from the left navigation. Click the Add SSL certificate button. In the Add SSL certificate dialog, copy the details from the signed certificate and private key files. Note that the signed certificate file contains a certificate chain. Make sure you copy the relevant certificate entries into the Certificate and Certificate chain fields.

To add the SSL certificate in Cloud Manager, follow the add SSL Certificate documentation.

Domain name verification

Transcript
Alright, the next step is to add the domain. This step ensures that our WKND AEM site is associated with the specified domain. Click on domain settings in the left navigation and then click the add domain button. In the add domain dialog, provide the necessary details. I’ll be using the wknd.enablementadobe.com domain and since my certificate is issued against star or any domain of enablementadobe.com, it should work seamlessly. For the environment and service fields, select prod and publish values respectively. In the domain SSL certificate field, choose the SSL certificate value from the previous step and click continue to proceed. The next stage is domain name verification, a crucial step in confirming the association between your domain and AEM. To complete this, you will need access to DNS hosting service. In this demo, I am using Azure DNS zone, however, work closely with your organization’s hosting team to ensure a smooth process. Begin by adding the TXT record. Copy the TXT record name and its value from this dialog and enter them into your DNS hosting service. I am entering them in the Azure DNS zone as an example. DNS propagation does take some time, so I will pause this video for a few minutes and work on the DNS query command. Alright, now that the wait time is over, let’s verify by querying the DNS servers using the dig command. As you can see, I received a successful response with the status and other details. Upon saving changes, Cloud Manager starts the domain name verification and reports success or failure here. Hang tight, we are almost there.

To verify the domain name, follow these steps:

  • Add a domain name in Cloud Manager by following the add custom domain name documentation.
  • Add an AEM-specific TXT record in your DNS hosting service.
  • Verify the above steps by querying the DNS servers using the dig command.

# General syntax; `_aemverification` is the prefix provided by Adobe
$ dig _aemverification.[YOUR-DOMAIN-NAME] -t txt

# This tutorial specific example, as the subdomain `wknd.enablementadobe.com` is used
$ dig _aemverification.wknd.enablementadobe.com -t txt

The sample successful response looks like this:

; <<>> DiG 9.10.6 <<>> _aemverification.wknd.enablementadobe.com -t txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8636
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;_aemverification.wknd.enablementadobe.com. IN TXT

;; ANSWER SECTION:
_aemverification.wknd.enablementadobe.com. 3600    IN TXT "adobe-aem-verification=wknd.enablementadobe.com/105881/991000/bef0e843-9280-4385-9984-357ed9a4217b"

;; Query time: 81 msec
;; SERVER: 153.32.14.247#53(153.32.14.247)
;; WHEN: Tue Mar 12 15:54:25 EDT 2024
;; MSG SIZE  rcvd: 181

This tutorial uses Azure DNS; however, any DNS provider can be used. To add the TXT record, you must follow the documentation of your DNS hosting service.

Review the checking domain name status documentation if there is an issue.

Configure DNS record

Transcript
The next crucial step is confirming the DNS records. Currently, the domain may not resolve, and to fix this, we have two options. CNAME record or APEX record. In my case, since I am using a subdomain like wknd.enablementadobe.com, I will use the CNAME record option. However, if you are not using a subdomain, you must opt for the APEX record, which points to specific IP addresses. I will now head over to the Azure DNS zone to add the CNAME record. In my case, the CNAME is wknd.enablementadobe.com and the target is cdn.adobeaemcloud.com. Remember, DNS propagation takes some time. After waiting for the necessary duration, I am ready to trigger the resolution in the Cloud Manager UI. Congratulations! It succeeded!

To configure the DNS record for your custom domain, follow these steps:

  1. Determine the DNS record type (CNAME or APEX) based on the domain type, like root domain (APEX) or subdomain (CNAME), and follow the Configuring DNS Settings documentation.
  2. Add the DNS record in your DNS hosting service.
  3. Trigger the DNS record validation by following the Checking DNS Record Status documentation.

In this tutorial, because the subdomain wknd.enablementadobe.com is used, a CNAME record that points to cdn.adobeaemcloud.com is added.

However, if you are using the root domain, you must add an APEX record type (aka A, ALIAS, or ANAME) that points to the specific IP addresses provided by Adobe.
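
Both DNS checks in this tutorial, the _aemverification TXT record and the CNAME to cdn.adobeaemcloud.com, can be verified by parsing dig output instead of reading it by eye. The following is an added example, not part of Adobe's tutorial; the function names are hypothetical, and the expected TXT value is whatever the Cloud Manager dialog displayed for your domain.

```shell
#!/bin/sh
# Added example (not Adobe's code): compare dig answers with the expected records.

# answer_rdata NAME TYPE < dig-output
# Prints the record data of matching answer lines, TXT quoting removed.
answer_rdata() {
    awk -v name="$1." -v type="$2" '
        /^;/ || NF < 5 { next }                    # dig comments, blank lines
        tolower($1) == tolower(name) && $3 == "IN" && $4 == type {
            $1 = ""; $2 = ""; $3 = ""; $4 = ""     # keep only the rdata fields
            sub(/^ +/, ""); gsub(/" "/, ""); gsub(/"/, "")
            print
        }'
}

# txt_verified DOMAIN EXPECTED < dig-output
# True only if a TXT record at _aemverification.DOMAIN equals EXPECTED exactly.
txt_verified() {
    answer_rdata "_aemverification.$1" TXT | grep -Fxq -- "$2"
}

# cname_points_to DOMAIN TARGET < dig-output
# True only if DOMAIN has a CNAME whose target is TARGET (trailing dot ignored).
cname_points_to() {
    got=$(answer_rdata "$1" CNAME | tr 'A-Z' 'a-z')
    [ "${got%.}" = "$2" ]
}

# Live use: sh check-dns.sh DOMAIN 'TXT value shown in Cloud Manager'
if [ "$#" -eq 2 ]; then
    if dig "_aemverification.$1" -t txt | txt_verified "$1" "$2"; then
        echo "TXT record matches"
    else
        echo "TXT record missing or different" >&2
    fi
    if dig "$1" -t cname | cname_points_to "$1" cdn.adobeaemcloud.com; then
        echo "CNAME points to cdn.adobeaemcloud.com"
    else
        echo "CNAME missing or pointing elsewhere" >&2
    fi
fi
```

The exact-match comparison catches a truncated paste of the TXT value or a record created under the wrong name, both of which still return a NOERROR status from dig.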

Site verification

Transcript
Now, let’s verify the WKND site on our custom domain. Fantastic! It’s working as expected, with all pages and hyperlinks rendering correctly. The custom domain setup for our WKND site is now complete. This concludes the demo. You have learned how to configure a custom domain for your AEM as a Cloud Service site. From generating SSL certificates and adding them to the Cloud Manager, to verifying domain ownership and configuring DNS records, the process is seamless. This ensures your AEM-hosted site is accessible via your branded and secured domain, providing an enhanced experience for your users. You are now ready to go live. Thank you.

To verify the site is accessible using the custom domain name, open a web browser and navigate to the custom domain URL. Make sure that the site is accessible and the browser shows a secure connection with the padlock icon.

End-to-end video

You can also watch the end-to-end video that demonstrates the overview, prerequisites, and above steps to add a custom domain name to AEM as a Cloud Service-hosted site.
