Frequently Asked Questions (FAQs)

  1. How do you handle a new external certificate request when enrolling a brand-new certificate for a domain that does not exist in the validated domain list?
    If the requested certificate is for a new domain, first complete domain validation (DCV). Refer to Add a New Domain to perform validation. After successful validation, proceed to certificate enrollment. Refer to Enrolling Certificates.
    Note: This process is not fully automated. This enhancement is currently in the backlog and is planned for future releases.
  2. How do you handle a new external certificate request when enrolling a certificate for a domain that already exists and is in the validated domain list?
    If the domain is already validated, directly proceed to certificate enrollment and request the certificate. Refer to Enrolling Certificates
  3. How do you process a renewal of an external certificate when there is no change in the Common Name (CN) or Subject Alternative Name (SAN)?
    If you renew an external certificate without changes to the Common Name (CN) or Subject Alternative Name (SAN), follow the standard certificate renewal process. This scenario is not related to DCV and falls outside its scope.
  4. How do you handle regeneration of an external certificate when there is no change in the Common Name (CN) but additional domains are added to the Subject Alternative Name (SAN)?
    If you regenerate an external certificate without changes to the Common Name (CN) or Subject Alternative Name (SAN), follow the standard certificate regeneration process. This scenario is not related to DCV and falls outside its scope.
    Note: Ensure clarity on which parameters can be added or modified during each process. During regeneration, the Common Name (CN) cannot be modified, while Subject Alternative Name (SAN) fields can be updated.
  5. What is the recommended interval for the DCV Domain Sync Job (currently set to once per day)?
    Set the DCV Domain Sync Job to run once per day, as this is generally sufficient since domains are not added frequently. Users can modify this interval if needed. Additionally, use the Trigger Sync Manually option in the DCV inventory to immediately sync newly added domains.
  6. What is the recommended interval for the DCV auto-renewal check that customers should configure (currently set to once per day)?
    Run the DCV auto-renewal check once per day, which is adequate given the current domain validity periods. The default interval is one day and can be adjusted as required.
  7. If certificate renewal automation is configured to auto-renew or auto-regenerate 30 days before expiry, what should the DCV auto-revalidation interval be to ensure the external domain remains validated before renewal or regeneration is triggered?
    Set DCV auto revalidation to occur 7 days prior to domain expiry, as this is currently sufficient to ensure the domain remains in a validated state during certificate renewal or enrollment. The system only checks whether the domain is valid at the time of renewal, so prior validation within this window is adequate.

    However, this configuration should be revisited if domain validity periods are reduced (e.g., to 10 days in the future). In such cases, a 7-day revalidation window would be too large and may trigger revalidation too frequently. A shorter interval, such as 3 days prior to expiry, would be more appropriate.