Under each Instance (Development, Staging and Production) you are able to load a certificate with various domain names which you are then able to use for that Instance in other areas of DXM (like Domain Management, Redirects or IP Restrictions).
Loading a new Certificate
Step 1: Browse to the Instance where you want the Certificate loaded (eg. Staging)
Step 2: Scroll down to the “Security” area
Step 3: Select the Request CSR option and complete the Certificate details
Fill in the information required in the Request Certificate form.
If there is an existing certificate, you can generally gather the details from the existing certificate. Click on the “lock” in the browser and view the certificate details.
Information required for the CSR:
City (must be spelled out in full)
State/Province (must be spelled out in full)
Country (must use 2 digit country code)
NOTE: Email is optional, avoid any letters with accents
Scrolling down the details list will reveal the DNS entries required to be entered into the “Additional domains” field.
Once you have completed the CSR form, select Generate
Step 4: After the CSR has been generated, click the View CSR link, copy the text, and save the text (with no extra characters or returns) as a .txt file.
You can check the CSR by using a tool such as: https://ssltools.digicert.com/checker/views/csrCheck.jsp.
If it looks correct, this .txt file can be used for the next step
Step 5: The .txt file containing the text can be sent to the organisation supplying the certificate.
The Kurtosys preferred certificate vendor is www.digicert.com, but the customer can also use their own provider. It is strongly recommended the customer purchase their own certificate.
Step 6: The organisation producing the certificate will supply the certificate details, which needs to be loaded using the Upload TLS option
Once the certificate is returned, use the Upload TLS button to apply the certificate. You can use a tool such as https://www.sslshopper.com/certificate-decoder.html to confirm the certificate returned from the customer has the domains specified in the CSR. You can also use https://www.sslshopper.com/certificate-key-matcher.html to confirm that the CSR and Certificate keys match (select second radio button).
Note: You need to open up the certificate in a text editor to show all the blurb and then copy that content into this area
Step 7: The loaded certificate details and its’ domains will be displayed. This can now be used as part of Domain Management, Redirects and IP Restrictions
Note: When uploading the certificate, it says Expired initially but when you wait a while, refresh and go back to the page it will fully populate and display correctly