---
title: "Certificate Manager"
slug: "360025534473"
tags: ["Essentials", "Premium", "Enterprise"]
updated: 2026-04-22T07:41:00Z
published: 2026-04-22T07:41:00Z
canonical: "support.perimeter81.com/360025534473"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Certificate Manager

This article describes how to configure a URL alias for a Zero Trust application, thus enabling you to connect to the application with a domain-associated user-friendly URL.

- [Uploading Domain SSL Certificates](/v1/docs/url-alias#upload-domain-ssl-certificates)
- [URL Aliasing for Zero Trust Applications on Harmony SASE](/v1/docs/url-alias#url-aliasing-for-zerotrust-applications-on-harmony-sase)

Note -

If compatibility with GnuTLS is required, call openssl x509 on the exported CA certificate.

For more information, see [GnuTLS certificate compatibility](https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/).

## Upload Domain SSL Certificates

**A domain-validated certificate (DV)** is an X.509 digital certificate typically used for Transport Layer Security (TLS) where the domain name of the applicant is validated by proving some control over a DNS domain.

1. To add Application Domain Certificates, go to **Settings/Certification Manager.**  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/CertificateManager.PNG)
2. The **Upload Certificate** screen displays. Fill in the **Certificate Body**, **Private****Key**, and **Chain**.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/UploadCertificate.jpg)
3. Select **Validate** to ensure this certificate is correct and then click **Apply** to upload the certificate.

## URL Aliasing for Zero-Trust Applications

URL aliasing enables Zero-Trust Applications on the Check Point SASE platform to utilize a custom URL instead of the default FQDN assigned upon creation. This feature is essential for applications that establish connections from a trusted customer domain rather than the default Harmony Zero-Trust Application domain (pzero.perimeter81.com). It is used to authenticate the accessed resource through the company’s domain and help troubleshoot security blocks, such as CORS issues when web servers require connections from a trusted Domain-Validated SSL certificate.

To define a URL Alias:

1. Log in to the Check Point SASE Administrator Portal.
2. Go to **Private Access** > **Applications**.
3. Find or set up the application you wish to alias.  
Note:The Zero Trust Application’s FQDN is allocated in the Check Point SASE Administrator Portal only after you save your application’s settings.
4. Once the application settings are saved, in the **FQDN**field, click ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1740974443215.png)to copy the FQDN.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1740974631819.png)
5. Go to your public DNS server (example: GoDaddy or Route53), define a **CNAME**record on a validated domain that points to the copied FQDN.
6. Go back to the Application page on the Check Point SASE Administrator Portal, navigate to the **URL Alias** section, and turn on the **URL Alias** toggle button.
7. In the **External Domain (CNAME)** field, enter the CNAME associated with your domain.  
Note - The value entered in the **External Domain (CNAME)** field must be resolvable through a public DNS server.
8. From the **SSL Certificate** list, select the certificate.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1741020037459.png)
9. If your security mechanisms require the connection to originate from a specific host for authentication:
  - Go to the **Custom HTTP Headers**section.
    - In the **Name**field, enter **Host**.
    - In the **Value**field, enter the configured CNAME.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1740975961143.png)
10. Click **Apply**.