Mapping your domain

Each local authority’s public url for BOPS Applicants needs to be mapped to the relevant `bops-applicants` url provided by Unboxed (such as https://buckinghamshire.bops-applicants.services/)

We cannot provide a static IP address because the services use Route 53 behind a CDN, so the technology team within the local authority should create a CNAME record on their DNS to map their subdomain as follows.

For example, Buckinghamshire has created a CNAME record:

https://planningapplications.buckinghamshire.gov.uk/

which has the value of

https://buckinghamshire.bops-applicants.services/

SSL certificates

We need to have an SSL certificate for each of these records as the services use https.

There are three possible ways of managing SSL certificates:

SSL certificate generated by the local authority The local authority’s technology team will provide us with an SSL certificate which should have the specified service subdomain in the format planningapplications.COUNCILNAME.gov.uk and/or a wildcard DNS record *.COUNCILNAME.gov.uk. Along with the certificate, the Council IT team needs to provide us with the private key and any intermediate certs used by your SSL certificate authority. Once we have the SSL certificate we will import it into AWS Certificate Manager.
CSR generated by Unboxed We can generate a new Certificate Signing Request (CSR) on the origin server. Once we provide the CSR, the Council IT team will issue the SSL and then they will send it to us. Once we have the SSL certificate we will import it into AWS Certificate Manager.
SSL certificate generated by Unboxed We can request a new SSL cert using AWS Certificate Manager (ACM) and we will supply DNS TXT records for you to add to your DNS server which will validate the certificate request in ACM.

Option 1 and 2 will need to be repeated every time the certificate expires whereas option 3 will auto-renew as long as the DNS records remain in place.