Self-Managed CSR Workflow

Follow these steps to implement a self-managed CSR workflow, which allows you to work with any CA while keeping private keys secure. With the self-managed workflow, you manage the certificate lifecycle.

• Step 1: Create a Certificate Template.
• Step 2: Generate and download the CSR.
• Step 3: Submit the downloaded PEM encoded CSR to the CA.
• Step 4: Upload the signed certificate via the Certificate Templates tab.
• Step 5: Link the certificate to a site.
• Step 6: Renew the Certificate.

Create a Certificate Template

Create a template that defines the certificate parameters, including the common name, alternative names, and organization details. The certificate signing request (CSR) and private key are generated from the template.

To create the template:

1. Login to QC Services.

2. Open Media Delivery and navigate to Certificate Management.

   

3. In the Certificate Management page, select Add Certificate.

4. In the Add Certificate dialog, select Create Certificate Template.

5. In the Create Certificate Template dialog, make sure that Managed by Qwilt is unselected.
   

6. Define the template parameters.
   If your site configuration includes multiple hosts, the certificate must cover all HTTPS hosts configured for secured traffic.

   Parameter	Description
   Common Name	The primary domain the certificate will secure. Wildcards are allowed.
   Alternative Names (SANs)	Additional domains or subdomains that the certificate will cover.
   Country	Select the country where the organization requesting the certificate is located.
   Locality	The city or region of the organization.
   Organization Name	The legal name of the organization requesting the certificate.

7. Select Create template.

8. Select Generate & Download CSR. This downloads the PEM encoded certificate signing request (CSR) that you can submit to the certificate authority.

Generate and Download the PEM Encoded CSR

When you create the Template, it is added to the list on the Certificate Templates tab. If you did not generate and download the CSR when you finished creating the template, you can do so now.

To generate and download the CSR:

1. Go to the Certificate Templates tab.

2. Find the new template in the list. Hover over the template to display the Upload Certificate and Generate & Download CSR buttons.

   

3. Click Generate & Download CSR to download the PEM encoded CSR.

Submit the CSR to a CA

This step is performed outside the QC Services platform, and is your responsibility to manage

• Submit the downloaded CSR to the Certificate Authority of your choice.
• When you get the signed certificate from the CA, upload it.

Upload the Signed Certificate

Uploading the signed certificate makes it available for associating with a site. The private key generated from the template is automatically associated with the certificate.

To upload the signed certificate:

1. Go to the Certificate Templates tab.

2. Find the template in the list. Hover over the area to the right of the template name to display the Upload Certificate and Generate & Download CSR buttons.

   

3. Click Upload Certificate.

4. Upload or import the certificate and chain.

   Important!

   The Chain field must contain both the certificate and the certificate chain.

   

5. Select Upload.

Link the Certificate to a Site

Once the certificate is uploaded, you can link it to a site.

Link the certificate to a site.

Renew a Certificate

To renew a certificate, repeat steps 1-5 above. Remember to republish the site to activate the new certificate.