SaranshS.11481 (Customer) asked a question.
Hello,
We have 2 SPs that mandate that we need to update the certificate provided during setup of application in Okta to be signed by a trusted CA and it cannot be a self-signed certificate.
To comply with their request, I created a CSR based on the information provided below following the documentation from https://developer.okta.com/docs/how-to/byo_saml/:
{
"subject": {
"countryName" : "US",
"stateOrProvinceName" : "California",
"localityName" : "San Francisco",
"organizationName" : "My Company Name",
"organizationalUnitName" : "Technology",
"commonName" : "our okta org url"
},
"subjectAltNames":
{
"dnsNames": [ "our okta org url" ]
}
}
We also went ahead to submit a request for getting a certificate based on CSR from Comodo(now Sectigo).
But now face the problem of Domain Control Validation (DCV) as we do not have access to any email based on our okta domain url (eg: admin@our_okta_org_url.com) nor can we get the validation done using WHOIS record for okta.com (registrar@okta.com).
Nor can we get HTTP based validation for DCV completed.
I would appreciate any help/guidance in this matter if I am following the right steps or if something else needs to be done in this regard.
Thank you and Regards,
Saransh Singh.
Hello Saransh Singh,
Leaving from the documentation provided I see that steps nr 3 may cause the problem, but for a better understanding of your configuration and request we do recommend to open a support case for this request.