Overview

By default, all portals have a fully-qualified domain name (FQDN) that uses the Appian environment name for the subdomain and appianportals.com for the domain. For example, if an environment is called insurecorp, the URLs for portals published from the environment will use insurecorp.appianportals.com.

This works well for many use cases. However, some organizations prefer to have more control over the URLs for their portals. That's where custom domains come in.

Using a custom domain, you can configure your portal URLs to use a domain that you define. So the above example could use web.insurecorp.com instead of insurecorp.appianportals.com.

This page outlines how to configure a custom domain that all portals in your environment will use.

Choosing a fully-qualified domain name (FQDN)

A fully-qualified domain name (FQDN) is used to access the portals in your environment. It should consist of the following:

• Subdomain: The first segment of the URL delineated by a period.
• Domain: The main part of a domain name, which usually represents an organization or entity.
• Top-level domain (TLD): The last segment of a domain name, which comes after the final period.

For example, in quotes.home.insurecorp.com, the subdomain is quotes, the domain is insurance.insurecorp, and the TLD is com.

When you choose an FQDN, make sure it meets the following criteria:

• The FQDN must be different from the FQDN for the Appian environment.
  • If you have a custom domain for your Appian environment, the domain can be the same as long as the subdomain is different. For example, you can use mysites.insurecorp.com for your Appian environment and quotes.insurecorp.com for your portals.
• The FQDN must not contain the string appian.
• The FQDN must include exactly one subdomain.
• Domains:
  • Only use alphanumeric (A-Z, a-z, and 0-9, case-insensitive), period, and hyphen characters.
  • Use 1 to 63 characters.
  • Do not start with or end with a hyphen.
• Subdomains:
  • Only use alphanumeric (A-Z, a-z, and 0-9, case-insensitive) and hyphen characters.
  • Use 1 to 63 characters.
  • Do not start with or end with a hyphen.
• TLDs:
  • Only use alphanumeric (A-Z, a-z, and 0-9, case-insensitive) characters.
  • Use 2 to 63 characters.

DNS and certificate requirements

Make sure the DNS infrastructure resolving your domain is publicly accessible. Otherwise, certificate signing will fail, and end users will be unable to access the portal.

If you have a Certification Authority Authorization (CAA) record configured for your domain, make sure it lists Amazon certificate authorities as authorized. Otherwise, certificate signing will fail.

Appian does not support wildcard certificates, meaning the certificate must not use wildcard characters in the FQDN.

Configure a custom domain for your portals

You can configure one custom domain per environment. Appian Support will work with you to create a certificate and configure your environment to use the domain.

Once configured, all portals published from the environment will use the custom domain.

To configure a custom domain for your portals:

1. Open a support case with Appian Support. Include the FQDN you would like your portals to use and request a certificate for the FQDN.
   • Appian Support will provide you with two canonical name (CNAME) records. One will be used to validate the certificate with AWS Certificate Manager and the other will be used to resolve the portal's FQDN to Appian's infrastructure.
2. Create the provided CNAME records in your DNS infrastructure.
3. Update the support case to indicate that you have created the records.
   • Appian Support will configure your environment to use the custom domain and schedule a maintenance window to restart the environment. After the environment restarts, the published portals in the environment will automatically republish. After they republish, they will use the custom domain.

Certificates and renewal

The certificates are created and hosted in AWS Certificate Manager (ACM). They are signed by an Amazon certificate authority, and the private key cannot be exported from AWS.

Because the certificate is created and hosted in ACM, it will be automatically renewed if the following conditions are met:

• The DNS records used to validate the certificate remain in place.
• The certificate is in use when it is nearing expiration and ready to be renewed.
• If you have a CAA record configured for your domain, it lists Amazon certificate authorities as authorized.

If the certificate expires due to one of the criteria not being met, open a support case with Appian Support to create a new certificate.