CDDC renew staging process
Regularly, it is necessary to renew the SSL certificate linked to the CDDC collection domain, which has an expiration date by nature. The renewal goes through several phases:
- Creation of a new CSR
- Import of the new certificate
- Verification of proper operation
We will describe here the different steps in order to proceed to the renewal of your CDDC certificate.
The creation of a new CSR is mandatory to renew your CDDC. This in order to renew also the private key (held by AT Internet) linked to your domain.
To create your new CSR, click on the renewal link:
You will then be presented with a form inviting you to fill in the information related to your collection domain and the CSR. By default, the fields are pre-filled with the information filled in during the creation of the CDDC, so you can validate after proofreading.
The CSR is then available by clicking on the corresponding button:
Once you have purchased the new certificate, you will be able to import it directly from the interface. Click on the corresponding button to start the process:
Two fields have to be filled in:
- The certificate body
- The certificate chain
Once the certificates have been filled in and the form validated, a validation step is displayed, indicating potential errors.
The information in the certificate does not have to match the information in the CSR. Only the CN (Common Name) must be identical.
If no errors are indicated, you will be able to finalize the import of the certificate.
When renewing the certificate of your CDDC, we set up a test phase for the new certificate to ensure that it works properly.
Here are a few ideas for you to try out.
These are only examples of the possible tests. Other tests may be required by your technical teams.
In order to perform this test procedure, you need to know:
- your CDDC address:
- the IP of the temporary server
You can retrieve the IP address(es) from the renewal interface of your CDDC:
These IPs are subject to change, so make sure you update the list before testing:
Edit your hosts file (more info), to add this line:
Go to the URL of your CDDC, and check:
- that the padlock on your browser confirms that the connection is secure
- that the message “OK” is displayed on the loaded page.
Once these checks have been made, you can assume that the new certificate is attached and is working properly.
You can then proceed with the deployment of this new certificate on your collection domain, by confirming the renewal: