Creating a Custom Domain and Configuring SSL for Your Skilljar Training Site

by Skilljar SSE Team
Follow

With Skilljar, you can configure your training site with a custom domain of your choice (e.g. training.company.com or www.companytraining.com). This article will walk you through the steps to set this up.

Custom domains are given SSL by default with an SSL certificate managed by Skilljar. If you'd like to provide your own SSL certificate, feel free to contact Skilljar Support.

Jump to our Custom Domain and SSL FAQ

1. Decide on your training site's custom domain name

2. Send us your custom domain name request

Reach out to Skilljar Support to request a new domain. We’ll let you know once we receive your request, then follow up when your custom domain is added to your Skilljar organization.

3. Add CNAMEs to your DNS records

We'll follow up with 2 CNAME records. The first is to map your training domain, and the second is to manage the SSL certificate. They'll look similar to the following:

Example domain: training.company.com

Name Value
training training.company.com.skilljarapp.com
_abc123.training _abc123.acm-validations.aws.

A few things to be mindful of:

  • Leading underscores are required in the SSL certificate CNAME record
  • Some DNS providers (GoDaddy) add an extra root domain on the end (e.g. training.company.com.company.com) – you'll want to de-duplicate this by removing the .company.com if necessary. 

4. Wait for your site to be available

After the CNAMEs are added, our automated system will do the rest. It will take between 1-2 hours for your site to be available.

As long as the SSL validation CNAME remains in your DNS records, the SSL certificate will renew automatically.

How it Works

Skilljar uses AWS Certificate Manager to create and store SSL certificates for custom domains. Since the SSL endpoint relies on a valid certificate to launch, it won't be available until the validation CNAME has been entered, or a provided SSL certificate has been imported.

Here's a visual of the SSL process.

CloudFront_SSL.png

Frequently Asked Questions

Why should I use a Skilljar managed certificate over buying one?

There are multiple great reasons for allowing Skilljar to manage the SSL certificate:

  • It's free - The SSL certificates Skilljar uses cost nothing to create, unlike all other certificate authorities.
  • It's secure - The SSL certificates are created through AWS where millions of companies utilize these certificates everyday. The certificate files are also never shared, so there's no chance of a malicious party getting a hold of them.
  • Automated renewal - The SSL certificates will automatically renew every 13 months as long as the validation CNAME is still in your DNS provider.

Can I trust the Skilljar managed certificate, and how secure is it?

Skilljar’s SSL certificates are managed by AWS, where millions of the most popular domains use them every day.

Certificate public keys are 2048-bit RSA. Detailed information on the SSL certificates can be found in the AWS Certificate Manager documentation here:

https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html

Can I use a root/apex domain?

At this time, root domains can’t be used for your Skilljar training site. If you'd like to purchase a new domain for your training site, you'll need to have www. (or any other subdomain) prepended to the domain. Note: You'll also need to setup a redirect from the root domain to the www. domain.

Why does my skilljarapp.com domain not go anywhere?

In order for your skilljarapp.com domain's DNS record to be active, Skilljar must have a valid SSL certificate in our system. The SSL endpoint relies on the SSL certificate, and once the certificate is issued, the SSL endpoint will automatically be created along with the skilljarapp.com DNS record.

Why does my skilljarapp.com domain show a 403 error?

The CloudFront endpoint looks for your custom domain name when attempting to navigate to it. Since the skilljarapp domain is not associated with the CloudFront endpoint, it will display a 403 error. Even though your domain has a CNAME to the skilljarapp domain, CloudFront sees your domain as the Host and will resolve correctly.

Why does it take between 1-2 hours after the validation CNAME is added?

This is the propagation window for the resources to provision in Skilljar's infrastructure. This is because the SSL endpoint is reliant on the SSL certificate before it can be created. The SSL certificate itself takes time to validate as well.

It’s been over 2 hours and my domain isn’t working, why is that happening?

While the CNAME validation can take from 5 to 30 minutes to issue the certificate, a CNAME may have been entered into your DNS provider incorrectly. A CNAME can be verified using any online tool. e.g. https://mxtoolbox.com/CNAMELookup.aspx

If you're not seeing any results, the CNAME may be missing or have been entered incorrectly.

Troubleshooting

One common error is including an extra domain on the end (e.g. _abc123.learn.company.com.company.com). If there is, you'll want to re-enter the CNAME with just _abc123.learn as the name, removing the root domain.

Another common error is missing the leading underscore in the validation CNAME.

Powered by Zendesk