Categories

System Admin
Activity Tracking
DXM
Data
Approval Groups
Studio for Office

Links

How do I install a certificate on my DXM Site?

Under each Instance (Development, Staging and Production) you are able to load a certificate with various domain names which you are then able to use for that Instance in other areas of DXM (like Domain Management, Redirects or IP Restrictions).

Loading a new Certificate

Step 1: Browse to the Instance where you want the Certificate loaded (eg. Staging)

Step 2: Scroll down to the “Security” area

Step 3: Select the Request CSR option and complete the Certificate details

Fill in the information required in the Request Certificate form.

  • If there is an existing certificate, you can generally gather the details from the existing certificate. Click on the “lock” in the browser and view the certificate details.

  • Information required for the CSR:

    • Primary Domain

    • Additional Domains

    • Organization

    • Department

    • City (must be spelled out in full)

    • State/Province (must be spelled out in full)

    • Country (must use 2 digit country code)

    • NOTE: Email is optional, avoid any letters with accents

  • Domains should generally include wildcard (*.customername.com) and Apex/Root and WWW (customername.comwww.customername.com).

  • Scrolling down the details list will reveal the DNS entries required to be entered into the “Additional domains” field.

Once you have completed the CSR form, select Generate

 

Step 4: After the CSR has been generated, click the View CSR link, copy the text, and save the text (with no extra characters or returns) as a .txt file.

 

Step 5: The .txt file containing the text can be sent to the organisation supplying the certificate.

  • The Kurtosys preferred certificate vendor is www.digicert.com, but the customer can also use their own provider. It is strongly recommended the customer purchase their own certificate.

 

Step 6: The organisation producing the certificate will supply the certificate details, which needs to be loaded using the Upload TLS option

Once the certificate is returned, use the Upload TLS button to apply the certificate. You can use a tool such as https://www.sslshopper.com/certificate-decoder.html to confirm the certificate returned from the customer has the domains specified in the CSR. You can also use https://www.sslshopper.com/certificate-key-matcher.html to confirm that the CSR and Certificate keys match (select second radio button).

  • Note: You need to open up the certificate in a text editor to show all the blurb and then copy that content into this area

 

Step 7: The loaded certificate details and its’ domains will be displayed. This can now be used as part of Domain Management, Redirects and IP Restrictions

  • Note: When uploading the certificate, it says Expired initially but when you wait a while, refresh and go back to the page it will fully populate and display correctly