Set up a CNAME and Acquire a TLS Certificate

As an IT administrator, perform the following steps to set up a CNAME and acquire a TLS certificate for your white-labeled domain:

  1. Define a CNAME record to the new white-labeled domain to {your-subdomain-name}.on.gooddata.com. If you already have an environment within GoodData, set up the CNAME record to point to its hostname. Apply this DNS change within your domain.
  2. Decide how you want to manage TLS certificates. Choose from the following options: 
    • You let GoodData manage the certificates using Let’s Encrypt.  GoodData uses Let’s Encrypt to generate a certificate for you, check its validity period, and generate a new certificate when the current one is approaching its expiration date. The whole process is done at GoodData’s side and does not require any action from you. To let GoodData manage the certificates, contact GoodData Support. In your request, include the confirmation of CNAME creation.  

    • You manage the certificates yourself. To do so:

      1. Generate a Certificate Signing Request (CSR) file. This file is required as a part of the request to a certificate authority for issuing a TLS certificate.

      2. Acquire a TLS certificate for the new domain. 

        • The certificate must be in PKCS12 format (preferred).
        • The certificate must contain both public and private components.
        • Common Name (CN) of the certificate must be the new white-labeled domain (for example, analytics.example.com).

        It is your responsibility to acquire the CSR file, private key, and certificate. Because GoodData cannot acquire or generate these assets for you, we suggest that you use publicly available knowledge resources. For example, searching the Internet for “Key and CSR Generation Instructions” yields sufficient results. If you still need help, contact GoodData Support.

      3. Send the following items to GoodData Support:

        • Confirmation of CNAME creation

        • Both the certificate and the corresponding private key in PKCS12 or PEM format (preferred), in an encrypted form