Create a Custom Hostname for Your BeyondTrust Cloud Site

Cloud Security Certificates Tab

To configure your BeyondTrust Cloud Appliance with a custom URL that matches your domain name, please follow the steps below.

  1. Register your custom CNAME in DNS (internal and external web host, if necessary), and point it to the BeyondTrust-supplied URL of your Cloud Appliance.
  2. Once the site is online, create a certificate signing request (CSR) for submission to your certificate authority.

If you are using an existing wildcard SSL certificate, you can skip to step 5.

  • To create the CSR, log in to the /login web interface of your BeyondTrust Cloud Appliance and go to Appliance > Security > Certificates.
  • In the Security :: Certificate Installation section, click Create, and then fill out the CSR form.
    • Certificate Friendly Name: Enter your requested CNAME URL.
    • Key: Select a key from the dropdown list. Verify with your certificate authority which key strengths they support. Larger key sizes normally require more processing overhead and may not be supported by older systems. However, smaller key sizes are likely to become obsolete or insecure sooner than larger ones.
    • Country: Enter your organization's two-character Country code. If you are unsure of your country code, please visit ISO 3166 country codes
    • State/Province: Enter your jurisdiction name, if applicable. Enter the full name, as some certificate authorities do not accept an abbreviation.
    • City (Locality): Enter your city or town.
    • Organization: Enter the name of your company.
    • Organizational Unit: Enter the name of the group or department within the company than manages the certificate and/or the BeyondTrust deployment for the organization.
    • Name (Common Name): Enter your requested CNAME URL.
    • Subject Alternative Name: Enter your requested CNAME URL and then click Add.
  • Click Create Certificate Request and wait for the page to refresh.
  1. Export your new CSR.
    • Once back at the Certificates page, scroll down to the Security :: Certificate Requests section.
    • Click the subject of your new certificate request.
    • Select and copy the Request Data, including ----- BEGIN CERTIFICATE REQUEST ----- and ----- END CERTIFICATE REQUEST -----.
    • Copy the text to a text editor, and do not adjust formatting.
    • Save the document to your workstation as a plain text document such as BeyondTrustCertRequest.txt.
  2. Obtain your SSL certificate from a certificate authority.
    • Log in to your certificate authority's web site to obtain your SSL certificate.
    • When asked to submit your CSR, paste the entire text of your BeyondTrust CSR into their site.
    • If required to select a web server type, submit that the server is Apache-compatible. If given more than one Apache type as options, select Apache/ModSSL.
  3. Import your entire SSL certificate chain to your BeyondTrust Cloud Appliance.
    • Log in to your /login web interface and navigate to Appliance > Security > Certificates.
    • Click Import.
    • Browse to each of your SSL certificate files, one at a time (unzipped).
    • Click Install Certificate, if prompted.

If you are importing an SSL certificate from another server, you must import its associated private key file, as well.

  1. Send your SSL certificate chain to BeyondTrust Support. BeyondTrust needs this data to rebuild your site software.
    • Log in to your /login web interface and navigate to Appliance > Security > Certificates.
    • Find the certificate that is Issued To the new CNAME of your Cloud Appliance.
    • Check the box on the left of this particular certificate.
    • Click the dropdown above, select Export, and then click Apply.
    • On the next page, uncheck the Private Key box. Make sure to check the boxes entitled Include certificate and Include certificate chain.
    • Click Export once more.
    • Send an email to BeyondTrust Support with the downloaded SSL certificate file attached.

If you are unable to check the box Include certificate chain, then you may be missing one or more certificate segments. Please contact BeyondTrust Support for assistance.

 

DO NOT send your private key to BeyondTrust! Private key files usually have a .p12 extension.

  1. BeyondTrust Support uses your new SSL certificate data to build a custom software update. When this is ready, BeyondTrust sends you an email with installation instructions.
  2. Assign an IP address to the SSL certificate.
    1. After you apply the custom software update, log in to your /login interface and navigate to Appliance > Security > Certificates.
    2. Select the Default radio button next to your new certificate.
  3. The custom CNAME accesses your BeyondTrust Cloud site.