Suppose that you want to make Acronis Cyber Cloud services available from your domain: cloud.example.com (in the guidelines below, replace cloud.example.com with your domain name). This feature is applicable to Acronis Cyber Cloud services.
For partners that want to make Acronis services available via their own domain, the option is provided to enable this functionality by providing a certificate to secure the traffic. This document describes the process for a partner to enable branded URL with HTTPS enabled via TLS certificate provided by the partner.
For partners who already have a branded domain, which has a TLS certificate which is due to expire. This guide will allow such partner user to upload a new certificate and change DNS settings to point to the new location, enabling self-managed certificates with expiry notifications.
Please make sure that the branding is enabled for the group id you wish to use for URL customization.
It is not possible to customize URL for each service separately (like backup.example.com and files.example.com). Each service will have an URL like: cloud.example.com/mc, cloud.example.com/bc, cloud.example.com/fc, cloud.example.com/notary
It is not possible to use the same DNS name for multiple groups.
Identify the required files
You will need the .PEM file to proceed, if you already have it, you may skip this step.
If the customer has not provided the .PEM file and instead of it you have .PFX, .P12 or .PB7, follow the steps below the generate the .PEM file:
If the customer has provided .pfx file, you can extract .pem from it using OpenSSL (for Windows or for Linux):
Enter pass phrase for enc.key: -> Enter password and hit return
writing RSA key
If the customer has provided .crt +.key files, you can merge them into .pem: create a single .pem file that contains the following: customer's certificate (should be first in the file), the private key for the certificate, and all the intermediate certificates, including the root certificate of the CA. No empty lines are allowed in the file.
6. You may need to reconstruct the certificate chain, to do that:
Open the .PEM file provided by the customer in text editor
Copy everything EXCEPT the private key because this is confidential customer's info
1. Define a CNAME record to resolve the name cloud.example.com into the respective Acronis domain name.
Do one of the following depending on whether you have an account in only one Acronis data center or in multiple data centers.
You have an account in only one Acronis data center. This is a typical case.
Set up a single CNAME record to resolve the name cloud.example.com into an Acronis domain name according to the data center where your account is located:
You have accounts in multiple Acronis data centers worldwide (meaning that Acronis has provided you with separate logins from different groups), and you want to use a single domain name to work with all of them. This case normally applies to larger service providers and to providers whose users are spread across continents.
Set up the following CNAME record: cloud.example.com → cloud.acronis.com.
In addition, set up CNAME records for each Acronis data center where you have an account, as follows:
2. Create a Certificate Sign Request for an SSL certificate for the domain name (or names) that you created in the previous step. As a security best practice, we recommend that you request a certificate for those names only; to do this, specify each name (such as cloud.example.com) in the Subject Alt Name field of the request. Alternatively, you can request a wildcard certificate (that is, a certificate whose Common Name is *.example.com).
The branding tool is not compatible with 2FA. Please disable 2FA temporarily, apply branding, then re-enable 2FA. Alternatively, you can temporarily switch your account to a service account (as described in product documentation)
3. To set a certificate and key, you need the following information:
A file containing the certificate you want to upload (absolute or relative path)
A file containing the key you want to upload (absolute or relative path)
For example, given a username ("Login" in GUI) of "JohnDoe", a tenantID of "11111111-22222222-3333-444444444444", a certificate file: "cert.pem", a key file: "myKey.key", and a cname of "example.com", the tool is run by invoking the command below in the command line:
There will be some delay (approximately 5 minutes) before the certificate is applied.
4. After the certificate is uploaded, ask your DNS registrar to set up a CNAME record to resolve the name cloud.example.com into the respective Acronis domain name, specified in step 1. It is possible to run the cli tool with the verification option, “-verifySuccess=true” before moving DNS entries to ensure that certificate has been successfully applied.
You can only delete certificates uploaded using this tool, it will not delete "old method" certificates.
To delete a certificate you need the following information:
The tenant ID (of a partner group with branding enabled) to delete the certificate from
For example, given a username ("Login" in GUI) of "JohnDoe", and a tenantID of "11111111-22222222-3333-444444444444" The tool would be run as follows: