
Adding CNAME Records for SAN Certificate in Aurora Upgrade

Overview

During an Aurora upgrade, adding CNAME records for Prod and Stage environments to a SAN (Subject Alternative Name) certificate is required for a successful migration/upgrade. 

Depending on your DNS configuration, you may need to create additional TXT or CNAME records in order to allow the addition of the domains to the SAN certificate.

Process

Follow these steps to complete DNS verification for adding CNAMEs to the SAN certificate:

1. Requesting the CNAME Addition

  • Raise a ticket with the support team requesting that the CNAMEs be added to the SAN certificate.

  • The SAN certificate needs to include the Prod and Stage environments for a successful upgrade/migration.

  • The support team will act as the intermediary with the Infrastructure Team for the certificate upgrade.

2. CNAME/TXT Record for Domain Ownership Verification

  • The Infrastructure Team will prepare the backend for the addition of the domains, and Support will provide you with a CNAME or TXT record that you need to add to your DNS for verification purposes.

  • Depending on your DNS provider and configuration, you may need either a CNAME or a TXT record 

    • For example, DigiCert supports DNS validation through a CNAME record as an alternative.

3. Verify and Complete Certificate Issuance

  • Use DNS lookup tools to confirm the CNAME record is live.

  • Once validated, your DNS provider will issue the SAN certificate including the new domains.
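
One way to carry out the lookup in step 3, as an added example (not part of the original article or of any vendor tooling): a shell check that asks each listed DNS server for the validation CNAME and reports whether it matches the value Support provided. The record name, target and server names in the usage comment are constructed placeholders, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example. Names used with it are constructed placeholders.

# Lowercase a DNS name and drop the trailing root dot so that
# "Token.Example.COM." and "token.example.com" compare equal.
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Print the CNAME target for NAME as answered by SERVER (empty if none).
lookup_cname() {
    dig +short CNAME "$1" "@$2" 2>/dev/null | head -n 1
}

# check_record NAME EXPECTED_TARGET SERVER...
# Returns 0 only when every server already answers with the expected target.
check_record() {
    name=$1
    expected=$(normalize "$2")
    shift 2
    rc=0
    for server in "$@"; do
        got=$(normalize "$(lookup_cname "$name" "$server")")
        if [ -z "$got" ]; then
            echo "$server: no CNAME visible yet (not published, or a cached negative answer)"
            rc=1
        elif [ "$got" != "$expected" ]; then
            echo "$server: MISMATCH, got '$got' but expected '$expected'"
            rc=1
        else
            echo "$server: OK"
        fi
    done
    return "$rc"
}

# Usage (placeholders): authoritative name server first, then public resolvers.
# check_record _dcv.stage.example.com token.dcv.example-ca.invalid \
#     ns1.example-dns.invalid 1.1.1.1 8.8.8.8
```

If the authoritative server reports OK while a public resolver does not, the record is published and the resolver is still serving a cached answer until its TTL expires.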

Summary

When DNS configurations prevent the use of TXT records, CNAME-based DNS verification is a valid alternative. By publishing the required CNAME record and coordinating with the DNS team, SAN certificates can be successfully updated during Aurora upgrades.

FAQ

Q1: Why can't a TXT record be used for DNS verification?
A1: Depending on your DNS provider/configuration, this may conflict with adding a new TXT record, necessitating the use of a CNAME record instead.

Q2: Can DigiCert always accept CNAME records for DCV?
A2: Yes, DigiCert supports DNS-based domain validation via both TXT and CNAME records.

Q3: How long does DNS verification take after publishing the record?
A3: Verification is typically completed within a few minutes after the DNS record propagates, but TTL and caching can affect timing.


  1. Ciprian Nastase
