DigiCert uses a challenge-based protocol. You must prove that you control the FQDN before a certificate can be issued. Progress Kemp supports the HTTP-01 method for the challenge. The steps below describe what the LoadMaster does after you request a new certificate. All of these steps are performed automatically, which makes the process easy, and no server-side modifications are required.

  1. The LoadMaster sends a request for the certificate.
  2. A token must then be placed in a specific location on the web server. This is what the Virtual Service selected when requesting a new certificate is used for. The challenge is served by the HTTP/HTTPS Layer 7 Virtual Service, which creates a temporary SubVS that is auto-generated during renewal or generation. DigiCert then provides a filename to be used during the HTTP-01 challenge, which is placed in this SubVS.
  3. The path of the token file is included in the Match String of a content rule that is automatically created.
  4. The LoadMaster automatically creates a SubVS in the selected Virtual Service.
  5. The content rule is automatically assigned to this SubVS. This content rule will have first precedence. The Virtual Service is served through an error page (200 OK).
  6. After the certificate issuing process is complete, the content rule and SubVS that were automatically created to perform the challenge are automatically deleted.
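
The following is an added example, not Progress Kemp or DigiCert code. It shows what the temporary content rule and SubVS have to serve under HTTP-01 as defined in RFC 8555: the request path built from the token, and the key authorization expected in the response body. The function names, the sample token and the sample account key are constructed for illustration.

```python
import base64
import hashlib
import json
import re

ACME_PREFIX = "/.well-known/acme-challenge/"   # fixed by RFC 8555 section 8.3
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")       # tokens use the base64url alphabet only

# Constructed sample values, not a real account key or a real DigiCert token.
SAMPLE_TOKEN = "c29tZS1jb25zdHJ1Y3RlZC10b2tlbg"
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRl",
              "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRl"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    members = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def challenge_path(token: str) -> str:
    """Path the CA requests over HTTP; reject anything that could escape it."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token has characters outside the base64url alphabet")
    return ACME_PREFIX + token

def key_authorization(token: str, jwk: dict) -> str:
    """Body the CA expects at challenge_path(token)."""
    return f"{token}.{jwk_thumbprint(jwk)}"

def response_is_valid(status: int, body: bytes, token: str, jwk: dict) -> bool:
    """True only for a 200 whose body is the key authorization (trailing
    whitespace ignored), so a 200 with any other body does not pass."""
    text = body.decode("ascii", errors="replace").rstrip()
    return status == 200 and text == key_authorization(token, jwk)

if __name__ == "__main__":
    print("GET", challenge_path(SAMPLE_TOKEN))
    print("body:", key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
```

The path returned by `challenge_path` is the kind of value that ends up in the content rule's Match String; restricting the token to the base64url alphabet keeps that match from covering any other URL on the Virtual Service.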