Issues with custom domain

I’ve followed the directions here

but it’s not completely working.

I’ve enabled custom domain and when I go to the log in page I do see my changes, the company name there. The url is still dev-xxxx.okta/etc

I’ve replaced my domain below with the word “example”.

If I manually change the url to and leave the rest of the url alone and hit enter, it will refresh the page to

I can successfully log in to my app that’s hosted on AWS under

My understanding is if I want the app to go to when it’s redirected to the login page I need to update the okta.oauth2.issuer entry from to

If I do this, the login page will display fine, and the url will be

with nothing after the “.com”.

After I enter a valid user / password I get an error

[invalid_token_response] An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: I/O error on POST request for “”: PKIX path building failed: unable to find valid certification path to requested target; nested exception is PKIX path building failed: unable to find valid certification path to requested target

I updated the Authorization Server, I only have 1 entry to
Issuer : Custom URL (
Metadata URI :

Not sure what else I need to change.

Under the Settings tab of that authorization server did you update the issuer dropdown?

Yes, it’s set to
and ‘example’ is my proper domain

And what happens if you use a new Authz Server instead of the default?

All the steps and the error I got are described above. I don’t know what else I can clarify.
Suggestions welcome on what else I can try to make this work.

Hi @Vladimir

If you add the custom domain that you’ve set up (e.g. under, what details does it provide?

SSL checker showed there was a problem with the certificate chain. Certificate chain is “Optional” in the Okta custom domain setup screen so I did not enter it.

I’ve re-entered my certificate including the Certificate Chain and it works now.
Thanks for your help.


I had to renew the cert for our Okta custom URL and app owners started reporting issues with the apps’ calls. The issue was that the optional cert chain parameter wasn’t populated.
After updating the cert chain the issue has been resolved.
Your post helped me resolve the issue. Thank you!
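
Added example, not part of any post in this thread: a reproduction of the failure mode the thread resolves, where a client that trusts only the root CA cannot build a path to a leaf certificate unless the intermediate is supplied alongside it. The CA hierarchy, subject names and file names are constructed throwaway values, and `openssl` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Constructed throwaway PKI: root -> intermediate -> leaf (placeholder names).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # the temp dir holds private keys, remove it on exit

build_pki() {
  ( cd "$WORK" || exit 1
    # Extensions that mark a certificate as a CA (needed for root and intermediate)
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    for n in root int leaf; do
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$n" \
        -keyout "$n.key" -out "$n.csr" || exit 1
    done
    # Self-signed root: the only certificate the client's trust store holds
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
      -extfile ca.ext -out root.pem &&
    # Intermediate signed by the root
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -days 2 -extfile ca.ext -out int.pem &&
    # Leaf (the server certificate) signed by the intermediate
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -days 2 -out leaf.pem
  ) >/dev/null 2>&1
}

# Server sends only the leaf: the "Certificate chain" field was left empty.
verify_leaf_only() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Server sends leaf plus intermediate: the chain field was populated.
verify_with_chain() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/int.pem" \
    "$WORK/leaf.pem" 2>&1 | grep -q ': OK$'
}

build_pki || { echo "openssl failed to build the test PKI" >&2; exit 1; }

if verify_leaf_only; then echo "leaf only:  path built"
else echo "leaf only:  no path to a trusted root (what Java reports as PKIX path building failed)"
fi
if verify_with_chain; then echo "with chain: path built"
else echo "with chain: no path to a trusted root"
fi
```

Against a live custom domain, `openssl s_client -connect <your-domain>:443 -showcerts` lists the certificates the server actually sends; a single certificate in that output corresponds to the leaf-only case above.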