This article explains how managed certificates work for HTTPS Web Forwarding in UltraDNS.
Managed certificates are used when you want UltraDNS to handle certificate issuance, deployment, renewal, and replacement for HTTPS redirects instead of manually uploading certificate files.
When to Use This Article
- You want to use HTTPS Web Forwarding without manually uploading certificate files.
- You want UltraDNS to manage the certificate lifecycle for HTTPS redirects.
- You want to understand why CAA records or DCV TXT records may be created for HTTPS Web Forwarding.
- You see a managed certificate with a
PendingorValidstatus.
What Managed Certificates Are
Managed certificates are SSL/TLS certificates that UltraDNS provisions and manages for HTTPS Web Forwarding.
When managed certificates are enabled for an account, UltraDNS uses DigiCert CertCentral integration to issue, deploy, renew, and replace certificates used for HTTPS redirects.
This is different from manually uploaded certificates. With manually uploaded certificates, you provide and maintain the certificate file, private key file, and optional CABUNDLE file.
Before You Begin
Managed certificates are not automatically enabled for every account.
If you do not see the option to use an UltraDNS managed certificate when creating an HTTPS Web Forwarding record, contact Customer Support for assistance.
Certificate Management must also be enabled for the account before HTTPS Forwarding certificate options are available in the portal.
How Managed Certificates Work
When managed certificates are enabled, the portal provides an option to use an UltraDNS managed certificate while creating an HTTPS Web Forwarding record.
When this option is used, UltraDNS handles the certificate process required to protect the HTTPS redirect.
This process can include:
- Certificate issuance through DigiCert CertCentral
- Certificate deployment for the HTTPS redirect
- Automatic certificate renewal
- Certificate replacement when needed
- Creation of required CAA records
- Creation of DNS-based Domain Control Validation TXT records
CAA and DCV Records
A CAA record identifies which certificate authorities are authorized to issue certificates for a domain.
A DNS-based Domain Control Validation TXT record is used to prove control of the domain during certificate issuance.
When managed certificates are used for HTTPS Web Forwarding, UltraDNS may create the required CAA and DCV TXT records needed for certificate provisioning.
Managed Certificate Status
Managed certificates appear in Certificate Management with the name Auto-provisioned by UltraDNS.
After initial creation, the certificate may display a status of Pending while certificate validation is in progress.
After validation completes, the certificate status changes to Valid.
Automatic Renewal
Managed certificates are automatically renewed before expiration.
The UltraDNS Managed Services Portal User Guide states that managed certificates are automatically renewed 7 days before the expiration date.
Expected Outcome
A managed certificate is working as expected when:
- The HTTPS Web Forwarding record is saved successfully.
- The managed certificate appears in Certificate Management.
- The certificate name displays as
Auto-provisioned by UltraDNS. - The certificate status changes from
PendingtoValidafter validation completes. - The HTTPS redirect uses the managed certificate.
Important Notes
- Managed certificates are used for HTTPS Web Forwarding.
- Managed certificates are separate from manually uploaded certificates.
- Managed certificates require account enablement.
- UltraDNS may create CAA and DCV TXT records as part of the managed certificate process.
- Managed certificates may temporarily display
Pendingduring validation.