Set up a CNAME and Acquire a TLS Certificate

As an IT administrator, perform the following steps to set up a CNAME and acquire a TLS certificate for your white-labeled domain:

  1. Define a CNAME record to the new white-labeled domain to <customer>.{na|ca|eu}.gooddata.com.
    Apply this DNS change within your domain.
    For example, if your white-labeled domain should be accessible from analytics.example.com and you are using a North American datacenter, create a CNAME to point from that destination to example.na.gooddata.com, for the European datacenter, use example.eu.gooddata.com.
    For more information, see GoodData Datacenters and Data Loading and IP Whitelisting.
  2. Generate a Certificate Signing Request (CSR) file. This file is required as a part of the request to a certificate authority for issuing a TLS certificate.
  3. Acquire a TLS certificate for the new domain.
    This certificate must have the following characteristics:
    • Be in PKCS12 format (preferred)
    • Common Name (CN) of the certificate must be the new white-labeled domain (e.g. analytics.example.com)
    • Contain both public and private components

    It is your responsibility to acquire the CSR file, private key, and certificate. GoodData cannot acquire or generate these assets for you. For more information, see Key and CSR Generation Instructions. If you need help with acquiring them, contact GoodData Support.

  4. Send the following items to the person managing the white-labeling process with GoodData Support:
    • Confirmation of CNAME creation
    • Both the certificate and the corresponding private key in PKCS12 or PEM format (preferred), in an encrypted form

      We strongly recommend that you encrypt both the public and the private components. The private key contains sensitive information, which an unauthorized person can use to impersonate the server identity. To encrypt, you can use the GoodData PGP key or another encryption method available on your side.
      For the guidelines on how to encrypt a document using PGP, see the GNU Privacy Handbook.