Managing certificates
You can request an AWS certificate or import your own certificates and associate them with your environment(s) (Live, UAT, and Integration) via the Magnolia Cloud Cockpit.
Here, we explain how to manage certificates and associate domains to your Magnolia environments via the Cockpit.
Prerequisites
- You must have access to the Cockpit.
- You must be able to set up or coordinate the DNS and domain information needed for the Cockpit.
Restricted top level domains for public certificates
The third party on which Magnolia Cloud relies for issuing and renewing certificates has disallowed the issuance and renewal of certificates for certain domains from 10 March 2022 until further notice.
Restricted domains
- .RU
- .BY
- Бел (Belarus)
- Рф (Russia)
- .moscow
- .москва
- .SU
- ru.com
- РУС
- .RU.NET
All existing certificates for these domains remain functional until expiration. After expiration, however, they will not be renewable and no new certificates for these domains will be issued.
You can still obtain a certificate for these domains from another recognised certificate authority and import it into the Cockpit.
Handle certificates
The instructions provided here detail how to request or import a certificate for the first time.
You cannot amend existing certificates with AWS Certificate Manager (ACM). To add additional SANs:
See ACM Best Practices for more information.
To request a certificate:
- Log in to the Cockpit.
- Navigate to Your-Subscription > Manage certificates.
- Select the Certificates tab.
- Select Request certificate.
- Enter your Domain name.
  There is a maximum of 25 certificates per subscription and each certificate can contain a maximum of 30 domain names (including SANs).
- Enter any Subject Alternative Names (SANs) if applicable.
- Choose your desired Validation method.
- Select Request to complete the certificate request.
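The 30-name limit and the restricted-domain list above can be checked before a request is submitted. The following is an added example, not Magnolia or AWS code: the function names are hypothetical and the list is copied from this page. It converts internationalised names to punycode so that a restricted domain is caught whether it is typed in Cyrillic or in its `xn--` form.

```python
# Added example: pre-flight check for a certificate request (not Magnolia code).
MAX_NAMES_PER_CERT = 30  # domain name plus SANs, as stated on this page

# Restricted domains from the list on this page, leading dots dropped.
RESTRICTED = ["ru", "by", "бел", "рф", "moscow", "москва", "su",
              "ru.com", "рус", "ru.net"]


def to_ascii(name):
    """Lower-case a DNS name and convert IDN labels to their punycode form."""
    return name.strip().rstrip(".").lower().encode("idna").decode("ascii")


RESTRICTED_ASCII = {to_ascii(s) for s in RESTRICTED}


def restricted_suffix(name):
    """Return the restricted domain that `name` falls under, or None."""
    labels = to_ascii(name).split(".")
    # Compare whole trailing labels, so ru.com matches but guru.com does not.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in RESTRICTED_ASCII:
            return suffix
    return None


def preflight(domain, sans=()):
    """Return a list of problems; an empty list means nothing was found."""
    names, problems = [domain, *sans], []
    if len(names) > MAX_NAMES_PER_CERT:
        problems.append(f"{len(names)} names exceed the limit of {MAX_NAMES_PER_CERT}")
    for raw in names:
        try:
            ascii_name = to_ascii(raw)
            hit = restricted_suffix(ascii_name)
        except UnicodeError:  # empty or over-long label
            ascii_name, hit = "", None
        if not ascii_name:
            problems.append(f"{raw!r}: not a valid DNS name")
        elif hit:
            problems.append(f"{raw}: under restricted domain {hit}")
    return problems


if __name__ == "__main__":
    # Constructed sample request.
    for line in preflight("example.com", ["shop.example.ru", "пример.рф", "guru.com"]):
        print(line)
```

Names that are flagged here are the ones for which a certificate from another certificate authority has to be imported instead.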
To import a certificate:
- Log in to the Cockpit.
- Navigate to Your-Subscription > Manage certificates.
- Select the Certificates tab.
- Select Import certificate.
- In the pop up window:
  - Enter your Certificate body.
  - Enter your Certificate private key.
  - Enter your Certificate chain if applicable.

  You can only import one certificate at a time. If you have any issues, see Managing server certificates in IAM from AWS to troubleshoot.
- Select Next.
- Review the certificate information to ensure it is correct.
- Select Import.
Handle the CNAME record
After you have requested your certificate, be sure that you copy the Name and Value under Configuration Information for your pending certificate and add them to your DNS configuration.
This is needed to validate ownership of the domain.
Do not remove these entries even after successful validation as they are required in order to automatically renew the certificates.
The procedure for adding CNAMEs depends on your DNS service provider.
Reimport certificates
If you need to reimport a certificate (for example, to renew a certificate), you can do this via the Cockpit.
Certain conditions must be met as per AWS standards.
- Log in to the Cockpit.
- Navigate to Your-Subscription > Manage certificates.
- Find the certificate you wish to reimport.
- Select the Reimport certificate button.
- In the pop up window:
  - Enter your Certificate body.
  - Enter your Certificate private key.
  - Enter your Certificate chain if applicable.
- Select Next.
- Review the certificate information to ensure it is correct.
- Select Import.
The following conditions apply when you reimport a certificate:
- You can add or remove domain names.
- You cannot remove all of the domain names from a certificate.
- You can add new Key Usage extensions but existing extension values cannot be removed.
- You can add new Extended Key Usage extensions but existing extension values cannot be removed.
- The key type and size cannot be changed.
See AWS Reimport a Certificate for more in-depth information.
Associate certificates to environments
- Log in to the Cockpit.
- Navigate to Your-Subscription > Manage certificates.
- Select the Associate certificate tab.
- Select the environment to which you wish to associate the certificate (e.g., Live, UAT, Integration).
  You can associate certificates to multiple environments.
- Choose your verified domain from the dropdown list.
- Select Associate.