Set Up Qwilt-Managed Certificate Lifecycle Management
- Updated on 11 Dec 2024
Follow the steps described in this article to set up a Qwilt-managed CSR workflow, allowing Qwilt to handle the entire certificate lifecycle including issuance and renewal, while keeping private keys secure. Note that Qwilt uses the Let's Encrypt Certificate Authority (CA).
Step 1: Create a Certificate Template.
Step 2: Configure a CNAME Record for Domain Verification.
Step 3: Link the certificate to a site.
From now on, Qwilt manages the entire CSR flow for renewals.
Create a Certificate Template
Create a template that defines the parameters for generating the certificate, including the common name, alternative names, and organization details.
To create the certificate template:
Open Media Delivery and navigate to Certificate Management.
In the Certificate Management page, select Add Certificate.
In the Add Certificate dialog, select Create Certificate Template.
Define the template parameters.
If your site configuration includes multiple hosts, the certificate must cover all HTTPS hosts configured for secured traffic.

| Parameter | Description |
| --- | --- |
| Common Name | The primary domain the certificate will secure. Wildcards are allowed. |
| Alternative Names (SANs) | Additional domains or subdomains that the certificate will cover. Currently one alternative name can be defined. |
| Country | Select the country where the organization requesting the certificate is located. |
| Locality | The city or region of the organization. |
| Organization Name | The legal name of the organization requesting the certificate. |

Select Managed by Qwilt.
Select Create template. Note the From and To values in the Template Successfully Created dialog that appears, or export them. You'll need these values to configure the CNAME record.
Initially, the new template appears in the list on the Certificate Templates tab, with the Pending Verification status next to the Managed by Qwilt label.
Next, configure a CNAME Record. This step is performed outside of the Qwilt environment, and is your responsibility to manage.
As soon as the CNAME record is available to Qwilt, the CSR is forwarded to the CA. Once the signed certificate is returned to Qwilt from the CA, the Pending Verification label disappears, and Managed by Qwilt remains as an indicator that this certificate template is Qwilt-managed.
Configure a CNAME Record
Create a CNAME record to allow Qwilt to verify domain ownership with the CA. This step is performed outside of the Qwilt environment, and is your responsibility to manage.
When creating the CNAME record:
Specify the source and destination using the Qwilt provided From and To values.
If you did not already retrieve the From and To values, go to the Certificate Templates list.
Initially, the template appears in the list with the Pending Verification status. Hover over the help icon on the Pending Verification button and then click the Verify Domain Ownership link to retrieve the From and To values.
We recommend setting the TTL to a maximum of one day.
Once the CNAME record is created, Qwilt automatically sends the CSR to the CA. It will take 30 - 60 minutes for the signed certificate to be issued by the CA and become available for use.
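Before waiting on issuance, you can confirm that the record you published matches the values from the dialog. The Python check below is an added example, not part of Qwilt's documentation or tooling: it parses the answer lines of `dig +noall +answer <From> CNAME` and verifies the target and the TTL. The From and To names and the sample answer lines are constructed placeholders.

```python
MAX_TTL = 86400  # one day, the maximum TTL the article recommends

def _norm(name):
    # DNS names are case-insensitive; dig prints them with a trailing root dot.
    return name.strip().rstrip(".").lower()

def check_cname(answer_text, from_name, to_name, max_ttl=MAX_TTL):
    """Check `dig +noall +answer <From> CNAME` output against From/To.

    Returns a list of problems; an empty list means the record matches.
    """
    problems, cnames = [], []
    for line in answer_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or not fields[1].isdigit():
            continue  # blank lines, dig comments, anything that is not a record
        owner, ttl, rtype, rdata = fields[0], int(fields[1]), fields[3].upper(), fields[4]
        if _norm(owner) != _norm(from_name):
            continue  # e.g. later links of a CNAME chain
        if rtype != "CNAME":
            problems.append(f"{rtype} record at From name; a CNAME cannot coexist with it")
        else:
            cnames.append((_norm(rdata), ttl))
    if not cnames:
        return problems + ["no CNAME record found for the From name"]
    if len(set(t for t, _ in cnames)) > 1:
        problems.append("more than one CNAME target for the From name")
    for target, ttl in cnames:
        if target != _norm(to_name):
            problems.append(f"target is {target}, expected {_norm(to_name)}")
        if ttl > max_ttl:
            problems.append(f"TTL {ttl}s exceeds the recommended maximum of {max_ttl}s")
    return problems

# Constructed placeholders; substitute the From and To values from the dialog.
FROM = "_verify.www.example.com"
TO = "abc123.validation.example.net"
SAMPLE_OK = "_verify.www.example.com. 3600 IN CNAME abc123.validation.example.net.\n"
SAMPLE_BAD = "_verify.www.example.com. 604800 IN CNAME www.example.com.\n"

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_cname(text, FROM, TO) or "record matches")
```

A caching resolver reports the remaining TTL, which counts down, so query one of the zone's authoritative name servers to see the configured value.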
Link the Certificate to a Site
After the CNAME record is created, it will take 30 - 60 minutes for the signed certificate to be issued by the CA and become available for use. At that time, you can link the certificate to the site via the site Publish feature. This is a one-time setup step.
From now on, Qwilt manages the entire CSR flow for renewals. A new certificate generated from the template is automatically associated with the same sites as the previous certificate generated from that template.
In the Certificate Templates list, the "Managed by Qwilt" label marks the templates that are auto-managed by Qwilt.