Follow these steps to add a domain name to our UCC certificate.
  1. login to carbon as root
  2. cd /etc/httpd/conf/uccssl
  3. copy the most recenter certgen directory [ cp -r certgen-yyyymmdd certgen-yyyymmdd ] where the target directory contains the current date.
  4. cd [ certen-yyyymmdd] the new directory
  5. vi uccgen.sh
  6. add one new CN entry for each domain that you are adding to the certificate.
  7. execute uccgen (./uccgen.sh)
  8. enter "ittrium" for the PEM pass phrase when prompted.
  9. reenter "ittrium" to confirm the PEM pass phrase when prompted.
  10. login to www.digicert.com.  Note user id in password are documented on intranet site.
  11. From the Account Home page, select our order from the drop down menu and the click Go.
  12. Click the Add a SAN button and then follow the instructions.  In step 2, make sure you copy only the portion of the csr begining with the 'BEGIN CERTIFICATE REQUEST' comment through the END CERTIFICATE REQUEST comment.

At this point, you'll need to wait for DigiCert to contact the technical contact on the whois record for the domain name(s) you added.  Once DigiCert gets the proper authorization, they will reissue the cert.  The can take anywhere from minutes to weeks depending on the client.

Once you receive the new cert, perform the following steps.

  1. Download the cert from DigiCert
  2. Upload the new files into the certgen-yyyymmdd directory you created earlier.  Note: you will need to rename crt file to ucc.crt to match our naming convention.
  3. Copy the new files (DigiCertCA.crt, ucc.crt and ucc.key) into the /etc/httpd/conf/uccssl directory.  You are replacing the exiting files with the new updated certificate.
  4. Restart Apache web server [service httpd restart]
Make sure to include appropriate charges on the customer account when their name is added and when the certificate is renewed.