How to rotate your origin certificate

Depending on how you created and applied your origin certificate, you may need to rotate it periodically and apply a new one.

Before you begin

  1. If applicable, make changes to your Property Manager property file settings so that both the old and new certificate are trusted.
  2. You can optionally set up a second instance of your origin using the new origin certificate, and set up your property to use that origin for a particular test URL. Make sure to use the same trust settings on the test origin as on the actual origin. (For example, both properties should check for the same hostnames on the certificate.)
  3. Push the property changes to the Staging network and test that your current origin certificate is still trusted on this network.
  4. You can optionally use the test URL pointing to the second instance of your origin to test that your new origin certificate is trusted on the Staging network, too.
  5. Push your property changes to the Production network and test that your current origin certificate is still trusted on this network.
  6. If you set up the optional second instance of your origin, you can use the test URL pointing to this instance of your origin to test that your new origin certificate is trusted on Production.

Now, you can switch the certificate on your origin

Switch your origin server to the new certificate, and test that your new origin certificate is still trusted on Production.

Finally, you need to perform some clean-up

  1. If applicable, make any required changes to your property settings so that the old certificate is no longer trusted.
  2. Push property changes to the Staging network, and test that your new origin certificate is still trusted on this network.
  3. Push property changes to the Production network, and again test that your new origin certificate is still trusted on this network.
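
The ordering above matters because the edge must trust whatever certificate the origin presents after every single change. The following is an added example, not part of the original page or any vendor tooling: it replays a rotation plan and reports each point where a network would stop trusting the origin. The certificate labels, step format and function name are assumptions made for illustration.

```python
NETWORKS = ("staging", "production")

def check_plan(old, new, steps):
    """Replay a rotation plan; return a list of problems (empty means safe).

    steps: ("trust", network, certs) replaces that network's trusted set;
           ("origin", cert) changes the certificate the origin presents.
    """
    trusted = {net: {old} for net in NETWORKS}  # start: only the old cert is trusted
    origin = old
    problems = []
    for i, step in enumerate(steps, start=1):
        if step[0] == "trust":
            _, net, certs = step
            if net not in trusted:
                raise ValueError(f"step {i}: unknown network {net!r}")
            trusted[net] = set(certs)
        elif step[0] == "origin":
            origin = step[1]
        else:
            raise ValueError(f"step {i}: unknown action {step[0]!r}")
        # After every change, each network must trust the presented certificate.
        for net in NETWORKS:
            if origin not in trusted[net]:
                problems.append(f"step {i}: {net} does not trust origin cert {origin!r}")
    # Clean-up checks: rotation is only finished once the old cert is gone everywhere.
    if origin != new:
        problems.append("end: origin does not present the new certificate")
    for net in NETWORKS:
        if old in trusted[net]:
            problems.append(f"end: {net} still trusts the old certificate")
    return problems

# Constructed labels; in practice these could be certificate fingerprints.
OLD, NEW = "old-cert", "new-cert"

# The order described on this page: widen trust, switch the origin, then clean up.
PAGE_ORDER = [
    ("trust", "staging", {OLD, NEW}),
    ("trust", "production", {OLD, NEW}),
    ("origin", NEW),
    ("trust", "staging", {NEW}),
    ("trust", "production", {NEW}),
]
# A plan that switches the origin before the property trusts the new certificate.
SWITCH_FIRST = [("origin", NEW), ("trust", "staging", {NEW}), ("trust", "production", {NEW})]

if __name__ == "__main__":
    for name, plan in (("page order", PAGE_ORDER), ("switch first", SWITCH_FIRST)):
        print(name, "->", check_plan(OLD, NEW, plan) or "ok")
```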