Error: "The Specified Certificate Does Not Match your Custom URL Domain"
Last Updated:
Overview
When an Okta Org is configured with a custom Okta domain and uses the option Bring your own certificate (advanced), if that TLS certificate is a wildcard certificate, it must include the full URL in the Common Name (CN) or Subject Alternative Name (SAN) when it is generated. Otherwise, the following error occurs when attempting to upload the certificate:
The specified certificate does not match your Custom URL Domain
Applies To
- Okta Administration
- Custom URL Domains
- Okta Classic Engine
Cause
The uploaded wildcard certificate does not contain the full URL in the Common Name (CN) or Subject Alternative Name (SAN). This issue only occurs when using the option Bring your own certificate (advanced).
Solution
To resolve this, the TLS certificate must be generated with a Common Name (CN) or Subject Alternative Name (SAN) entry that reflects the full URL for the custom domain. For more information, please check Related References.
