IBM Cloud Docs
Converting a partial (CNAME) configuration to full

Converting a partial (CNAME) configuration to full

If you initially set up a partial domain, you can later migrate it to a full setup.

Before you begin

When preparing Transport Layer Security (TLS), you can use Universal SSL. Keep in mind:

  • Universal certificates can take at least 15 minutes to be issued.
  • You must add CIS name servers to your registrar within 72 hours of the conversion process.
  • Universal SSL supports only first-level subdomains.
  • To minimize downtime, it is recommended that you have a certificate in place before you start the conversion process.

Converting to a full CNAME configuration

To convert from a partial to a full CNAME configuration, follow these steps:

  1. Prepare TLS. In the CIS instance, order an advanced certificate, or upload a custom SSL certificate for your website or application.

    Verify that the status of your SSL certificate is Active.

  2. Update settings in your authoritative DNS:

    1. Disable DNSSEC at your authoritative DNS provider at least 24 hours prior to converting your zone.
    2. As a best practice, also delete the previous zone activation TXT record at your authoritative DNS provider. Locate this value in the CIS instance in DNS > Records where the value is listed as the Verification TXT Record.

  3. Convert to a full setup:

    1. Go to DNS > Settings.

    2. Select Convert to Primary DNS. This action does not affect how your traffic is proxied.

    3. Import your records into CIS DNS and verify that the records have been configured correctly.

      It is recommended to import unproxied records.

  4. Activate the full setup:

    1. Get your assigned CIS name servers from DNS > Records and update your name servers at your registrar.

      If you rely on Universal SSL certificates to cover your website or application, make sure to add CIS name servers to your registrar within 72 hours of the conversion process.

    2. It is recommended to enable DNSSEC from DNS > Settings, then add the DS record to your registrar.

      After all of the DNS TTLs expire, all of your DNS queries are answered by the CIS global network.

    3. Enable the proxy status for specific DNS records to begin proxying additional hostnames. Subdomains that were proxied previously continue to be proxied without any interruption.