The End of Vanity Domains

by C.W. Holeman III

Vanity Domains

We're updating our strategy on Vanity Domains so that we can better support you, our client. So, moving forward, we'll no longer support integrated Vanity Domains. We will still support custom Wisetail URLs. We expect to see more reliability and predictability within our platform as a result of this change. Also among the benefits: you, as admin, will no longer have to deal with SSL Certificates and CSRs, or the possibility of site inaccessibility due to unsecured sites. We'll take care of all that for you.

Please note the important information in this document. You'll need to make changes in your site to continue accessing it after your upgrade migration.

Vanity Domains

A Vanity Domain is a stand-alone domain under the control of a client, such as, or a subdomain such as

This is currently what it looks like when you visit the Vanity Domain "".  This is a subdomain ("example") under the domain "".


In this hypothetical, the powers-that-be could also have decided to create a standalone domain such as "", in which case the location bar would read:


Wisetail URLs

A Wisetail URL is a branded link under the Wisetail domain, such as:



Out With the Old, In With the New

Under our new system, when you visit any Wisetail site (such as Apex), you'll see the site name followed by "". In this case,





What Action Do I Need to Take?

Regardless of whether you wish to continue using a Vanity Domain, you have steps to take to continue accessing your site after your migration.

If you wish to continue using your Vanity Domain you'll need to make a change to your DNS configuration and configure a domain redirect.


  • During your upgrade process, you will select your preferred Wisetail URL.
  • Pick one of the methods listed below (Option# 1 or Option# 2) to handle the domain aspect of this mupgrade.
  • Your new Wisetail URL is created.
  • You make the appropriate changes, based on your selected option.
  • If you have an SSO, you'll need to make an adjustment to it. See SSO Change below.
  • If you utilize whitelisting on your internal infrastructure, you will need to update your whitelist.



Option #1: Directly access your Wisetail URL (Recommended)

If you choose to implement this change you'll simply need to direct your users to go [YourSite] to continue accessing the Wisetail LMS.

  1. If you have an SSO, you'll need to make a quick change on your end. See SSO Change below.
  2. Update any bookmarks.
  3. Direct your users to start using your new Wisetail URL.



Option #2: Domain Redirect

If you wish to continue using your Vanity Domain, you will need to see if your DNS provider supports domain redirects. This functionality rests entirely on you; Wisetail is not responsible for ensuring this functionality. If your DNS provider supports domain redirects you will need to do the following: 

  1. If you have an SSO, you'll need to make a quick change on your end. See SSO Change below.
  2. Configure a Domain Redirect (sometimes referred to as a 301 redirect) from your Vanity Domain ( to your Wisetail URL ( See the below image for an example.

    NOTE: This cannot be a CNAME record, as CNAME records are not redirects.
  3. Clean up your DNS configuration. You will need to do all of the following that you have configured:
    1. Remove all CNAME records related to Wisetail. The CNAME record would be to something like:
    2. Remove all A records related to Wisetail. These contain something like
    3. Remove all NS records related to Wisetail. These records would point to, and

    4. You may wish to adjust your TTL settings to a low number -such as 15 minutes- a few days in advance if your upgrade in order to ensure that your DNS changes propagate throughout the internet as quickly as possible.




SSO Change

If you have an SSO, you'll need to make a change to your configuration to guarantee users access to the site and its associated SSO functionality. This change must be once the upgrade migration begins. We do not need to re-exchange metadata. The X509 certificate will not change.

Before your upgrade window:

  • Ensure you know if Wisetail is your IDP (Identity Provider) or your SP (Service Provider).
  • Ensure you know how to access your SSO configuration (this is not part of your Wisetail site).
  • Ensure you know what changes you need to make.

In these examples the current Vanity Domain is, and the new Wisetail URL is


If Wisetail is your SP

If Wisetail is your Service Provider, you need to make the following three changes:

Service Provider Entity ID:

  • FROM:
  • TO:

Assertion Consumer Service (ACS) URL

  • FROM:
  • TO:

Single Logout Service URL

  • FROM:
  • TO:

If Wisetail is your IDP

If Wisetail is your Identity Provider, you need to change the following two changes:

Identity Provider Entity ID

  • FROM:
  • TO:

Single Sign-On Service URL 

  • FROM:
  • TO:



Assistance With Your DNS Provider

Determining your DNS Provider

If you don't know who your DNS provider is, you can use, and search for your domain name. You want to locate the Registrar URL. This leads you to your DNS provider.


DNS-Specific Instructions

There are a nearly endless lists of DNS providers, so we can't provide a complete list. However, the following DNS providers are quite popular. If you need further assistance, use the link above, and contact your DNS provider directly for specific instructions.

Go Daddy - Special Note

Go Daddy handles their redirects in a non-industry-standard fashion. If you use Go Daddy, please ensure you are configuring a forward, without masking. Additionally, you must use the HTTP forward option, not the HTTPS option. We will force the usage of HTTPS on our end, so your traffic will be secure. However, if you attempt to use the HTTPS option directly with Go Daddy, their system cannot handle the forward, and it will fail.

What Will Work:


What Won't Work:


The reason that these HTTPS requests will not work is due to the fact that they are trying to redirect from an HTTPS address to another domain which does not have a matching SSL certificate.

Your site ( has a valid and active SSL cert which is the wildcard cert for *

Your domain ( does not have a way to attach an SSL cert to it that is valid for both the domain, as well as for * As a secure handshake must take place in the initial step of loading an HTTPS page (, the browser is unable to match the wildcard cert for * to the domain, and is therefore throwing the SSL error you are seeing.

For a more in depth overview of this, please see this article from DNSimple:

Unfortunately, after a great deal of research accross numerous teams, we have not been able to create a solution for this issue as the root cause is the HTTPS protocol itself.

The best advise we can offer is to update any existing bookmarks from to

If for some reason this is not possible you would need to create an application-layer solution. Although while seemingly not particularly complex, this would involve paying for a separate web host, creating an actual page that can live at, which would then do a browser-level redirect via javascript to However, we highly recommend against this solution as it can quickly devolve into a nightmarish tangle of trying to handle old individual page locations, etc.


What is TTL, & Why Would I Set it to 15 Minutes?

While not specific to your DNS Provider, this article goes over DNS propagation & TTL, and explains why you'd what to adjust that setting to 15 minute several days in advance of your transition: 




Article is closed for comments.