Adobe Experience Manager Sites & More

NageshRaja · 6/2/25

Hey Guys,

We have a domain abc.com which is managed by the client.

We have uploaded the customer managed certificate but the domain is still not getting verified.

The setup works correctly as the requests hit on domain abc.com are served by AEM Publisher.

The setup uses WAF which has rewrites configured to valid AEM Publishers with X-Forwarded-Host header set to abc.com and correct X-AEM-Edge-Key configured.

However, when we navigate to the "Domain Settings" we see the below domain as "Not Verified"

Same under "Domain Mappings" we see the following -

Interesting observation is we have already configured the steps mentioned in "Go Live" -

a. Configure A Record - Login to your Domain Registrar and create an A record to point to all the IP addresses listed

b. Configure CName - Add "cdn.adobeaemcloud.com" CNAME record on abc.com.

However in out case the cdn.adobeaemcloud.com didn't work. We had to configure the publisher "publish-p<pid>-e<eid>.adobeaemcloud.com for the flow to work.

Can anyone help why the domain and mappings are not showing to resolved status?

And why the CName didn't work for cdn.adobeaemcloud.com but it worked for publisher adobeaemcloud.com?

Thanks,

Nagesh

AmitVishwakarma · 6/2/25

Hi @NageshRaja ,

Adobe Cloud Manager requires domain verification using DNS records that explicitly resolve to Adobe’s CDN (cdn.adobeaemcloud.com), not directly to publishers.

If you're pointing the domain directly to the publisher endpoint (publish-pXXX-eYYY.adobeaemcloud.com) or using a WAF that doesn’t pass through Adobe’s CDN, then verification will fail even if the site works.

Follow below steps:

1. DNS Setup MUST Point to Adobe’s CDN

Update the CNAME record for abc.com (or www.abc.com) to point to:

cdn.adobeaemcloud.com

2. AEM Cloud Certificate Requirement

Ensure that the uploaded certificate:

- Is valid for abc.com

- Matches the full domain used in Cloud Manager

- Includes intermediate certificates if needed

3. Disable or Update WAF for Verification

If your WAF or firewall rewrites/redirects traffic without hitting Adobe CDN, Adobe’s edge verification service can’t confirm ownership.

Options:

- Temporarily bypass the WAF for domain verification (only needed once) OR configure the WAF to forward verification traffic unaltered with:

- Correct Host header

- Allow .well-known and /.akamai/ validation paths

4. Validate DNS Record Propagation

Check your DNS using:

dig abc.com CNAME +short

Expected result:

cdn.adobeaemcloud.com.

5. Adobe’s Edge Verification Check

When Adobe tries to verify a domain:

- It hits: https://abc.com/.akamai/...

- The request must go through the CDN

- Adobe checks that:

- The response is served from Adobe CDN

- The certificate matches

- CNAME resolves to cdn.adobeaemcloud.com

6. Wait 10–15 Minutes for Cloud Manager Sync

After correcting DNS and deploying via Cloud Manager:

- Go to Environment => Domains

- Wait ~10–15 minutes

- Refresh the page
- It should show: "Verified"

Regards,
Amit

NageshRaja · 6/3/25

Hi @AmitVishwakarma,

Thanks for replying!

If the DNS must necessarily point to Adobe CDN then why does the Customer managed CDN points to AEM managed CDN says "Point your CDN to the Adobe CDN’s ingress as its origin domain. For example, publish-p<PROGRAM_ID>-e<ENV-ID>.adobeaemcloud.com"

It doesn't mention cdn.adobeaemcloud.com as the ingress
Moreover when we configure cdn.adobeaemcloud.com as the ingress then the request doesn't come to publisher.

Finally since the request routes from WAF to Adobe CDN shouldn't the dig give imperva as shown below?

naga_krish@EPUGW0238 ~ % dig www.abc.com CNAME +short
nsi9go2.ng.impervadns.net.

Adobe Experience Manager Sites & More

Domain abc.com is not reflecting to "Verified" status in Adobe Cloud Manager

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe