Unraveling host mapping for Zendesk

When you first start your Zendesk subscription, the URL for your Zendesk web portal is some variation on mycompany.zendesk.com. Since all companies take great stock in managing their brand, Zendesk offers you a feature on our Regular, Plus+ and Enterprise plans called host-mapping that allows you to show your own branded URL to all customers accessing your Zendesk. 


Note: For additional information about host mapping, see Changing the address of your web portal (host mapping) in the Zendesk Administrator's guide.

Modify Your CNAME Record

To get this working, you’ll need to make a few changes to your subdomain’s DNS. When dealing with DNS changes like CNAME records, Time To Live (TTL), and Secure Socket Layer (SSL) certificates, things can get complicated. Here’s a walk-through that should make this easier to understand.

Assuming you already have your desired subdomain ready to go (ie. support.mondocameras.com), you’ll need to make a DNS change. This is done through the host where your domain resides. The change you will be making is to the CNAME record. 

As shown above, point the CNAME record for your subdomain (shown in the “Host Record” field in this example) to your Zendesk subdomain, as shown in the “Points to” field. The end result should look like the following:

Once this has been done, allow some time for DNS propagation. DNS changes typically take anywhere from a few hours to a day – depending on your Time To Live (TTL) settings – to reflect the changes. In the meantime, you may see some redirects. TTL can be altered at the host level if you have access to this.

Enable Host Mapping

Next, log in to your Zendesk. Go to Settings > Account > Branding, and under the Host mapping field, add your custom subdomain; ie. support.mondocameras.com. This enables the host-mapping to occur. 

If you don’t do this, your subdomain will point to a Zendesk error page, rather than your page.

Host Mapping and SSL

Keep in mind when host-mapping your subdomain, Zendesk provides a free SSL certificate for all *.zendesk.com domains. Now that you’re using your own subdomain, our SSL certificate will no longer apply, and you may experience a certificate error. Or rather than seeing your subdomain map to your Zendesk, your customers will be redirected from your support.mycompany.com URL to the mycompany.zendesk.com URL.

If you are on the Plus+ or Enterprise plan, you have two options: 

  1. Turn off SSL, and stick with HTTP (non-encrypted communication) for your custom domain. To do this, go into your Zendesk under Settings > Security > SSL. Uncheck the Regular SSL box and click Save. This will stop any incorrect redirections you or your customers may be experiencing. 
  2. Use Hosted SSL in order to enable HTTPS (encrypted communication) for your custom subdomain. To do this, go into your Zendesk under Settings > Security > SSL. Below Hosted SSL, you will see a description as well as a link to generate a certificate request (CSR). Clicking this link will download a .csr format file to your computer. You will need to provide the CSR to an SSL Certificate Authority who would then generate a certificate for your custom subdomain (ie. support.mondocameras.com) and provide you with a certificate bundle. Before paying for the certificate, make sure the certificate authority supports SHA-2 encryption. The CSR uses SHA-2 encryption.

    If you would prefer to use a wildcard certificate, you can upload that here, along with your private key and passphrase if applicable. 

    Note: When using Hosted SSL make sure you enable Regular SSL again or you may run into complications. 

  3. Next, simply upload that in the same location you generated your certificate request within Zendesk. The installation process on our end takes up to five business days, at which point our wonderful Ops team will reach out to you with next steps. You will be given instructions to make an additional CNAME record change for your subdomain, to a new CNAME record URL reference which is created when your SSL certificate is installed.  (ie. support.mondocameras.com to mondocam.ssl.zendesk.com).  

If you are a Regular plan customer, Hosted SSL is not supported. So you will have to choose option 1 for now or upgrade to Plus+ or Enterprise. While using SSL is not a requirement, it is definitely suggested as a best practice.

Hope this helps you customize your Zendesk URL and continue providing your users with great support, branded to match your company! If you have any additional questions, you can contact our support team at support@zendesk.com

Have more questions? Submit a request


  • Avatar
    Defesa do Consumidor (Dev Team)

    Is there a time limit to do the upload? My app is not ready to production but i have already generated the csr and obtained the certificate.


  • Avatar
    Sara Menefee

    Hi there Alexandre, 

    The ability to download the certificate request after it is generated expires after 5 days. However, if you have already downloaded it and obtained your certificate bundle, you should be able to upload it at any time when you are ready. So long as you do not generate another certificate request. :) 

    If you encounter any issues, feel free to write in to us at support@zendesk.com

  • Avatar
    Neil Rose

    What format do you need the SSL response returned as?  I have tried saving the response as a .txt as well as a .crt and keep getting the error message of "The uploaded certificate is badly formatted".  Thanks!

  • Avatar
    Sara Menefee


    The actual certificate must be a .crt file type.

    When you upload the certificate bundle to Zendesk for install, it should be contained within a compression file formatted folder, (ie. certificate.zip). If you have changed the file type from .crt to .txt of the actual certificate, depending on how you did this you might have a corrupted file. You should be able to get the .crt from your certificate authority if you believe you have corrupted it and attempt the upload again. 

    If you continue to experience this error Neil, please write in to us at support@zendesk.com so we can assist you further. 

  • Avatar
    Sean H


    We uploaded our SSL certificate to use hosted SSL, any chance we can get it approved faster than the  upto 5 business days.

    Many thanks

  • Avatar

    Hey Sean: 

    Fire a ticket to support@zendesk.com and we'll see what we can do. 

  • Avatar
    Darren Middleton

    Just been through this guide and found that uploading via the interface fails when using a .zip file of the .crt certificate.

    The only way it worked was to actually upload the .crt file via the admin portal. This contradicts the above notes to use .zip and caused confusion.

    Also it might be best to highlight the format you require as well. We found only X509 cert was valid, and this cert was not allowed to include the intermediate or root certs in the file either. 

    We use Thawte as our our provider who give you several options to copy the certs from their admin interface. X509 with all 3 certs, and PKCS7 format, even using your CSR file to request the cert.

    Knowing which options to use would ensure the file we grab from our provider is compatible with what your systems would expect. This would be helpful to note or elaborate on in the guides. Unless of course this is a bug in the .crt check performed on the upload process via your admin portal?

  • Avatar

    Hey Darren: 

    Thanks for your post! I'm going to forward your comments on to the right folks. Something seems a bit off. 

  • Avatar
    Sean Serrels

    We've done this and our web portal is updated for the customers to be using our http://help.paloalto.com subdomain.

    However, I have 2 points of confusion:

    • my agents are still being redirected back to our *.zendesk.com address when they're logging in to work on tickets. 
    • And, when we use the sidebar search to get links to topics to answer tickets, we get links to the *.zendesk.com urls instead of the custom domain as well. 

    Is that working as intended or did we get something wrong in the setup?

  • Avatar
    Calos Chen

    Hi : 

    We uploaded our SSL certificate to use hosted SSL ( support-splashtopbusiness.splashtop.com).

    And  I checked the Regular SSL setting .  but my web SSL always show the SSL fail . 

    Please you can help me ? 


  • Avatar
    Laura D.

    Hi Calos, 

    I checked your settings and there are adjustments we should make to get this error to go away. I'll follow up with you in a ticket in just a few minutes!

  • Avatar
    Laura D.


    • The new Zendesk interface (only visible to agents) does not maintain the host mapping, that's correct. Customers will see the correct name but the agent side won't change. 

    • It's true that if you search your forms using the Search on the left you'll get links with "zendesk" in them. When I tested it though, opening a new window (even while logged in as an agent in the other window) worked - I was able to keep the host mapped name and access the correct links. 

    I used Chrome - hopefully that's the same for all browsers.

  • Avatar
    Jorge Jaral

    Hey Techies; I need to know if I can make a rollback if my host mapping goes wrong, I'm already into production and I can't take my service down. 

  • Avatar
    Brandon K.

    Hey Jorge,

    Sure, you can remove your hostmapping at any time and your Zendesk account will default back to your old subdomain.zendesk.com url address. If you have external links to the branded domain you will need to change them, but no essential functionality should break with a host mapping change.

  • Avatar
    Brian Wan

    Hi Support,

    We've done the host mapping and change the CNAME record for customer to be using our http://help.nexusguard.com subdomain.

    However, i can reach the page but the URL still showing zendesk's URL. Is there anyway to change it to show our subdomain only?


  • Avatar
    Jessie Schutz

    Hi Brian!

    I see that we're working with you in a ticket on this as well. In order for your custom domain to always display, you have to enable hosted SSL and upload an SSL certificate that we can put on our servers.

    If you don't have a hosted SSL certificate, you will automatically be redirected to Zendesk's secure domain, for your safety. You can find out more information about SSL here: Providing secure communications with SSL.

    Hope that helps!