DCV button is not present on a domain

The DCV button will ONLY be present on a domain which expires within 30 days OR on a newly entered domain. This means if the customer has a domain 31 days from its DCV Expiration, the customer will need to wait another day to renew the DCV record.

Domain's DCV record not showing up to date information

This happens due to the number of domain records (yes, everything in the domains tab for EVERY customer is included) that CCM needs to parse through every 4-5h. We or customers can force one or more DCV records to auto-update when at the time of pasting/uploading a CSR.

Workaround

1. Create a CSR with the affected domain(s)
2. Login as the customer (or have the customer do so themselves; prefer it if the customer can do it with you over the phone or email)
3. Attempt to add a certificate, using the CSR created in Step #1, with the customer's requesting organization. (e.g. if InCommon, select the needed institution from the Organization drop-down)
4. You may receive an error message that the domain needs DCV or you may not. This is actually fine & expected.
5. Check DCV tab again for the customer's domains & the DCV record should now be updated.

Please note: Current production versions of OpenSSL do not yet support -addext "subjectAltName = DNS:foo.co.uk" so one must use Java's keytool (from JRE/JDK 7+)

Examples

For a single domain:

USE ssltool.com to generate a CSR for the single domain that is needed.

OR

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd./OU=IT/CN=mysubdomain.mydomain.com"

For multiple domains:

Create the keystore FIRST

keytool keytool -genkey -keyalg RSA -keysize 2048 -dname "CN=www.domain.com, O=Default, C=US" -keystore domain.keystore -ext san=dns:myDomain2.com,dns:myCoolDomain.com

Generate the CSR (note: specifying the -ext items again)

keytool -certreq -keyalg RSA -file domain.csr -keystore domain.keystore -ext san=dns:myDomain2.com,dns:myCoolDomain.com