Last Updated on February 7, 2025 by Rakesh Gupta

Big Idea or Enduring Question:

• How can you configure a custom domain for an Experience Cloud site?

Objectives:

After reading this blog, you’ll be able to:

1. Understand different methods for verifying and provisioning a custom domain
2. Understand CA-Signed Certificates and their role in domain security
3. Learn about Salesforce CDN and its benefits
4. Configure a custom domain for your Experience Cloud site
5. Set up a custom domain in a Sandbox environment
6. Correctly map a custom domain to your Experience Cloud site
7. And much more!

Business Use case

Olivia Bennett, a Junior Developer at Gurukul on Cloud (GoC), is part of a team tasked with building an Experience Cloud site for the company’s help portal. The goal of this portal is to serve as a self-service knowledge hub, enabling customers to access resources, learn about GoC’s products, and troubleshoot issues independently.

The team has successfully developed and deployed the Experience Cloud site (Name – Help), making it accessible via the default Salesforce domain: https://gurukuloncloud.my.site.com/s/

While the portal is fully functional, it currently uses Salesforce’s default domain structure, which is not ideal for branding, user experience, or SEO optimization.

To align with GoC’s branding strategy, management has requested a custom domain to provide a more seamless and professional experience for customers. Instead of using the Salesforce-provided domain, they want the portal to be accessible via: https://help.gurukuloncloud.com/

What Is a CNAME Record?

Before we start configuring a custom domain for Experience Cloud, which typically takes no more than 30 minutes at least in my case, it is important to understand the basic terminology and the tools required for configuration.

When you create an Experience Cloud site, it by default runs under the site.com or force.com domain (in my case, gurukuloncloud.my.site.com). This doesn’t look good from a branding and SEO perspective.

To address this, we use Salesforce CDN, which requires a CNAME. Salesforce CDN only serves subdomains, such as help.gurukuloncloud.com or docs.automationchampion.com. When using Salesforce CDN, Salesforce cannot serve a registrable domain like automationchampion.com.

A CNAME (Canonical Name) or vanity URL allows businesses to mask Salesforce-hosted Experience Cloud sites with a branded URL. Instead of a default Salesforce domain, you can set up a CNAME like help.gurukuloncloud.com, ensuring all Experience Cloud pages and content reflect your brand.

This enhances trust, security, and user experience by assuring visitors that they are interacting with an official, branded site.

What Is Salesforce CDN?

Salesforce CDN (Content Delivery Network) is a globally distributed network of servers designed to improve the performance, speed, and security of Experience Cloud sites and other Salesforce-hosted content. It helps deliver assets like images, stylesheets, scripts, and pages efficiently by caching them closer to the end users.

The Salesforce CDN includes an image optimization feature that makes your site pages load faster for guest users, whether they’re viewing your site on their phone, tablet, or desktop computer. In addition, the Salesforce CDN comes with configurable availability pages. You can display a custom Service Not Available page when your site is down or a custom Too Many Requests page when your site is in high demand.

Key Benefits of Salesforce CDN:

1. Improved Performance: Reduces page load times by serving cached content from the nearest server location.
2. Enhanced Security: Protects against DDoS attacks and ensures secure content delivery.
3. Better Scalability: Handles high traffic efficiently without impacting site performance.
4. SEO & Branding Benefits: Works seamlessly with custom domains and CNAMEs, improving brand consistency and search engine ranking.
5. Reduced Salesforce Server Load: Offloads content delivery to CDN servers, ensuring better system performance.

Salesforce CDN is the recommended option for custom domains that serve Digital Experiences, including those built with Experience Cloud, Commerce, and Industries licenses. For Commerce LWR sites or sites hosted on Experience Delivery, the domain uses Cloudflare as the CDN partner service. Other domains use Akamai as the CDN partner.

Things to Remember

1. To minimize the impact to your users, activate the Salesforce CDN when your site traffic is low.
2. The maximum URI size limit for the Akamai platform is 8892 bytes. This limit allows close to 9,000 characters on the URI path.  
3. The maximum URI size limit for Cloudflare is 16 kilobytes.
4. Orgs that host LWR Commerce sites or sites hosted on Experience Delivery and use the partner, Cloudflare, get 5 branded certificates and no limit on traffic per year.
5. Orgs that purchase Experience Cloud licenses and use the partner, Akamai, get 10 Experience Cloud CDN single certificate domains and 48 terabytes (TB) of traffic per year.
6. Web application firewall and rate-limiting security features are included for sites that use the Salesforce CDN with single domain certificates. 
7. When you enable the Salesforce CDN, your domain uses either Akamai or Cloudflare for optimized content delivery.
8. Only Apex methods annotated with @AuraEnabled(cacheable=true scope=’global’) are cached. Caching public data from annotated Apex methods in managed packages is enabled by default. 

Reference – Salesforce help article

What is a CA-Signed Certificate?

A Certificate Authority (CA) is a trusted entity that issues digital certificates to verify the authenticity of websites. When you visit a site with HTTPS and a padlock icon in the URL bar, it means the site has been validated by a CA. Conversely, a Not Secure warning indicates the absence of a valid SSL certificate.

A CA-signed certificate is an SSL certificate issued by a trusted third-party CA like Comodo, Let’s Encrypt, or GlobalSign. To obtain one, you generate a Certificate Signing Request (CSR), submit it to a CA, and upload the issued certificate back into system (Salesforce).

Benefits of CA-Signed Certificates:

1. Greater Security Control: Choose encryption levels and advanced validation (e.g., Extended Validation (EV) certificates).
2. Wildcard Support: Secure multiple subdomains (e.g., docs.gurukuloncloud.com, docs.gurukuloncloud.com) with a single certificate.
3. Regulatory Compliance: Necessary for organizations with strict IT security policies that mandate specific SSL providers.

CA-Signed Certificates vs. Salesforce CDN-Managed SSL: Understanding the Best Approach

Choosing between a CA-Signed Certificate and Salesforce CDN-Managed SSL depends on your organization’s security needs, budget, and technical capabilities. While CA-signed certificates offer greater control and wildcard support, they require manual management. On the other hand, Salesforce CDN-Managed SSL is a hassle-free, automated solution that enhances performance and security at no additional cost.

Here’s a comparison to help you decide:

For most businesses, Salesforce CDN-Managed SSL (Via Let’s Encrypt) is the best choice due to its automation, zero cost, and enhanced performance. However, if you require specific security settings or wildcard support, a CA-signed certificate may be necessary. We will use Salesforce CDN to configure custom domain for experience cloud site. 

Where Can You Configure It?

Adding a custom domain to your Experience Cloud site is available only in Enterprise, Performance, and Unlimited editions. This feature cannot be configured in a Free Developer Edition org.

Additionally, configuring a custom domain is only possible in your production org. However, it is possible to point a custom domain to one of your sandboxes if needed. For that, when adding a custom domain, use the Associated Org drop-down to select the appropriate sandbox or production org before proceeding with the configuration.

Automation Champion Approach (I-do):

Formative Assessment:

I want to hear from you!

What is one thing you learned from this post? How do you envision applying this new knowledge in the real world? Feel free to share in the comments below.