Creating custom domains for Bluemix Cloud Foundry applications

For Cloud Foundry apps and container groups, you can use a custom domain in the URL of your application instead of the default Bluemix system domain of mybluemix.net. Custom domains are defined at the organization level. To define a domain, register the domain with a name service provider, add a CNAME record to map host names for the domain to the Bluemix secure router, and then add the custom domain to the organization.

After it’s defined, you upload a signed wildcard (all hosts) domain certificate and associated private key through the web UI or Bluemix CLI.

These are the supported file formats for certificate files:

  • PEM (.pem, .crt, .cer, and .cert)
  • DER (.der or .cer)
  • PKCS #7 (.p7b, .p7r, .spc)

When using SSL with a custom domain, access to applications within the domain can be configured to be authenticated by client certificates. To configure this feature, the developer must upload a file that contains a set of client certificates, also known as the Client certificate trust store. The trust store must be in one of the supported file formats.

The use of self-signed certificates is supported for testing and development scenarios. When using self-signed certificates, upload signer certificates to client browsers to avoid browser security exceptions.

Related links

Bluemix documentation: Securing Apps