If you opt for DNS-based domain validation in the certificate order, configure the DNS account in Key Manager Plus and specify it in the 'DNS' field of the order to automate the challenge verification procedure. To configure your DNS account,
- Navigate to The SSL Store → Manage
- Switch to the DNS tab.
- Here, you can add a maximum of one DNS account for each DNS provider supported. Key Manager Plus currently supports automatic domain control validation for Azure and Cloudflare DNS.
- Click Add. In the pop-up that opens, choose the DNS provider.
For Azure DNS,
- Provide the Subscription ID, which is available in the Overview page of the Azure DNS zone.
- Provide the Directory ID, which is available in Azure Active Directory → Properties.
- If you have an already existing Azure application, provide its Application ID and Key.
- If not, follow the steps mentioned below to create the Azure application and key, and give the application access to the DNS zones for making API calls.
- To create the Azure application and key,
- Navigate to App registrations → New application registration.
- Provide the application name, select the application type Web app / API and provide the sign-on URL. Click Create.
- After successful creation, you are directed to a window that displays the Application ID.
- To get the application key, navigate to Keys and create a key.
- Provide the key description, duration and click Save.
- Once the key is saved, the key value is displayed. Copy and save the key value for future reference.
- To give the application access to DNS zones,
- Navigate to the resource group where all DNS zones are created or switch to a specific DNS zone.
- Switch to Access Control (IAM) and click Add.
- Choose the role as Contributor, assign access to Azure AD user, group or application, search for and select the application created in Azure Directory, and click Save.
- The created Azure application is now given access to DNS zones for making API calls.
- Finally, enter the Resource Group Name, which is the name of the group in which you created the DNS zone, and click Save.
- Your DNS account details are saved and listed under Manage → DNS.
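The following is an added example, not part of the Key Manager Plus documentation: a check that the Azure application given the Contributor role in the steps above holds access only on the DNS resource group or a DNS zone in it, and nowhere else. It reads the JSON printed by `az role assignment list --assignee <Application ID> --all`; the sample assignments, the subscription ID and the group name `dns-rg` are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample of `az role assignment list --assignee <Application ID> --all`
# output. The subscription ID, resource group and zone names are placeholders.
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_JSON = json.dumps([
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/dns-rg"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/dns-rg"
              "/providers/Microsoft.Network/dnszones/example.com"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB}/resourceGroups/app-rg"},
])


def classify_scope(scope, subscription_id, dns_group):
    """Return 'group', 'zone' or 'outside' for one role assignment scope."""
    # Azure resource IDs are case-insensitive, so compare in lower case.
    s = scope.rstrip("/").lower()
    group = f"/subscriptions/{subscription_id}/resourcegroups/{dns_group}".lower()
    if s == group:
        return "group"
    if s.startswith(group + "/providers/microsoft.network/dnszones/"):
        return "zone"
    # Subscription, management group, root or any other resource group.
    return "outside"


def audit(assignments_json, subscription_id, dns_group):
    """List (role, scope) pairs that reach beyond the DNS resource group."""
    findings = []
    for a in json.loads(assignments_json):
        if classify_scope(a["scope"], subscription_id, dns_group) == "outside":
            findings.append((a["roleDefinitionName"], a["scope"]))
    return findings


if __name__ == "__main__":
    for role, scope in audit(SAMPLE_JSON, SUB, "dns-rg"):
        print(f"REVIEW: {role} at {scope}")
```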

For Cloudflare DNS,
- In the Email address field, specify the email address associated with the Cloudflare account.
- For Global API Key, use the 'Generate API' key option in the domain overview page of the Cloudflare DNS to generate the key and paste the value in this field.
- Click Save. Your DNS account details are saved and listed under Manage → DNS.
Note:
For DNS based domain validation type, if you are going to specify an already configured DNS account in the certificate order for domain control validation, make sure its status is marked Enabled under Manage → DNS.

3. Domain Control Validation, Certificate Issue & Deployment
Once the certificate authority receives your order, you have to go through a process called domain control validation (DCV) to prove your ownership of the domain. On completing it, you receive the certificate. Key Manager Plus supports all three DCV methods:
- E-mail based DCV
- File or HTTP based DCV
- DNS based DCV
E-mail based domain control validation
- In email based domain control validation, the certificate authority sends a verification email to the approver email ID specified when placing the certificate order.
- This email guides you through the steps that need to be performed to complete the domain control validation procedure.
- After completing the steps, navigate to the Key Manager Plus server, and switch to The SSL Store tab.
- Select the order and click Check Order Status from the top menu.
- On successful verification, the certificate authority issues the certificate which is fetched and added to Key Manager Plus' secure repository. You can access the certificate from the SSL → Certificates tab.
- From here, you can deploy the certificate to necessary end-point servers such as a Certificate Store or an IIS server directly from Key Manager Plus.
Click here for more details on certificate deployment.
File / HTTP based domain control validation
- If you have opted for file / HTTP based domain control validation, a challenge file is displayed on creating the order.
- Navigate to the domain server, create the path specified and deploy the challenge file in that path.
This entire process of deploying the challenge file in the end-point server can be automated from Key Manager Plus. This can be achieved by configuring the server details in the Deploy tab under Manage. To automate domain control validation,
- Switch to The SSL Store → Manage.
- If the end-server is a Windows machine, first download and install the Key Manager Plus agent for Windows server from the Windows Agents tab using the following steps:
Installing Key Manager Plus agents for Windows server:
To install Key Manager Plus agent as a Windows service
- Open the command prompt and navigate to the Key Manager Plus installation directory.
- Execute the command 'AgentInstaller.exe start'.
To stop the agent and uninstall the Windows service
- Open the command prompt and navigate to the Key Manager Plus installation directory.
- Execute the command 'AgentInstaller.exe stop'.
- Switch to the Deploy tab and click Add.
- In the pop-up that opens, choose the challenge type as 'http-01', specify the domain name, choose the server type (Windows or Linux) and enter the server details. Click Save.
- The challenge file is automatically deployed to the corresponding end-server in the specified path.

- Once you have deployed the challenge file, navigate to the Key Manager Plus server, switch to The SSL Store tab, choose the order and click Check Order Status from the top menu.
- On successful domain validation, the certificate authority issues the certificate which is fetched, added to Key Manager Plus' certificate repository (SSL → Certificates) and is also deployed in the specified path of the server configured earlier under Manage → Deploy.
DNS based domain control validation
- If you have opted for DNS based domain control validation, a DNS challenge value and text record are displayed on creating the order.
- Copy and paste the text records manually in the domain server.
Similar to the HTTP challenge, the entire challenge verification process can be automated from Key Manager Plus. This can be achieved by configuring the server details in the Deploy tab under Manage. To automate domain control validation,
- Switch to The SSL Store → Manage.
- If the end-server is a Windows machine, first download and install the Key Manager Plus agent for Windows server from the Windows Agents tab using the steps mentioned in the previous section.
- Switch to the Deploy tab and click Add.
- In the pop-up that opens, choose the challenge type as 'dns-01', specify the domain name, choose the DNS provider (Azure or Cloudflare) and enter the server details.
- Check the 'Deploy Certificate' option to deploy the certificate to the end-server after procurement. Click Save.
- The DNS challenge values and text records are automatically created in the corresponding DNS servers.

- Once the challenges have been fulfilled, navigate to the Key Manager Plus server, switch to The SSL Store tab, choose the order and click Check Order Status from the top menu.
- On successful domain validation, the certificate authority issues the certificate which is fetched and automatically added to Key Manager Plus' certificate repository. You can access the certificate from the SSL → Certificates tab.
- From here, you can deploy the certificate to the necessary end-point servers such as a Certificate Store or an IIS server directly from Key Manager Plus. Click here for more details on certificate deployment.
- Also, the certificate is automatically deployed to its corresponding end-server after issue, if you have enabled the Deploy Certificate option at the time of configuring server details under Manage → Deploy.
Note: For DNS based domain control validation, if you had chosen a DNS account configured under Manage → DNS when placing the order, Key Manager Plus automates challenge verification using that account. Instead, if you have already configured the domain and server details under Manage → Deploy, the challenge verification, and subsequently the deployment of certificates is carried out for that specific domain and server alone.
4. Renew, Reissue & Delete
You can renew, request reissue or delete certificate orders placed to third-party certificate authorities from Key Manager Plus.
To renew a certificate,
- Navigate to SSL → The SSL Store
- Select the required order and click Renew Certificate from the top menu.
- Complete the domain control validation (DCV) procedure if necessary.
- On successful validation, the certificate is issued and the new version is automatically updated in the SSL → Certificates tab.
To request a certificate reissue,
- Navigate to SSL → The SSL Store
- Select the required order and click Reissue Certificate from the top menu.
- Complete the domain control validation (DCV) procedure if necessary.
- On successful validation, the certificate is reissued and is automatically updated in the SSL → Certificates tab.
Note: You can request a reissue only for those certificates requested from Key Manager Plus and not for the imported orders.
To delete a certificate request,
- Navigate to SSL → The SSL Store.
- Select the required certificate and click Delete from the More menu at the top.
- The certificate request is deleted from Key Manager Plus.
Note: When a certificate request is deleted, it is removed only from Key Manager Plus. The order remains open in The SSL Store website for your account, and you can import it into Key Manager Plus if needed using The SSL Store → More → Import option.