[Spacewalk-list] Renewing Third-Party CA SSL Certificate with FQDN

Jun junk at mle.org
Wed Oct 28 02:14:12 UTC 2015


Hoping someone can offer some advice on the following situation.

Have an internal Spacewalk 2.2 server that is using a third-party CA
certificate (not an internal CA):
* The CSR used for the current ssl certificate specified the CN with
the short hostname (not FQDN).  For example, if hostname =
myserver.domain.com, CN = myserver
* The ssl certificate is expiring.
* The third-party CA is no longer issuing ssl certificates for short hostnames

Would like to use the same CA and minimize impact.

Would something like this be sufficient; if not, appreciate any suggestions:
* manually generate a new CSR with CN with fully qualified hostname
using the existing server key
* submit CSR to same third-party CA
* back up /etc/httpd/conf/ssl.*, /etc/pki, /root/ssl-build,
/var/www/html/pub, jabberd/server.pem

Install new third-party CA SSL certificate:
During maintenance:
* replace a copy of the new ssl certificate (.crt) and .csr in Apache
directories
* convert crt to pem and update /etc/pki/spacewalk/jabberd/server.pem
* stop spacewalk
* clear jabber database
* start spacewalk

Hoping the clients do not have to be updated (i.e.
/etc/sysconfig/rhn/up2date or RHN-ORG-TRUSTED-SSL-CERT)
Appears they are referencing the shortname (but the domain being used
is in the dns search order)

Thank you for your advice.
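
An added example, not part of the original post or of Spacewalk's own tooling: the first proposed step (a CSR with a fully qualified CN built from the existing server key), with a check that a CSR or certificate carries the same public key as that key. The function names, file names and the throwaway key generated in demo() are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File names and the throwaway key in demo() are constructed.

# make_csr KEY FQDN OUT: new CSR from the EXISTING private key, CN = FQDN.
# Refuses a short hostname, which the CA in the post no longer accepts.
make_csr() {
    case "$2" in
        *.*) ;;
        *) echo "CN must be fully qualified: $2" >&2; return 1 ;;
    esac
    openssl req -new -key "$1" -subj "/CN=$2" -out "$3"
}

# pubkey_pem KIND FILE: PEM public key held in a private key (pkey),
# a CSR (req) or a certificate (x509).
pubkey_pem() {
    case "$1" in
        pkey) openssl pkey -in "$2" -pubout ;;
        req)  openssl req  -in "$2" -noout -pubkey ;;
        x509) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
}

# same_key KIND1 FILE1 KIND2 FILE2: succeed only if both hold the same public key.
same_key() {
    a=$(pubkey_pem "$1" "$2" 2>/dev/null) || return 2
    b=$(pubkey_pem "$3" "$4" 2>/dev/null) || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# csr_cn CSR: print the CN from the CSR subject.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' -e 's/^CN=\([^,]*\).*/\1/'
}

demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null  # stand-in for the existing key
    make_csr "$d/server.key" myserver.domain.com "$d/server.csr" &&
        same_key pkey "$d/server.key" req "$d/server.csr" &&
        echo "CSR CN=$(csr_cn "$d/server.csr"), public key matches server.key"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Once the CA returns the certificate, `same_key x509 <new .crt> pkey <server key>` confirms it was issued for the existing key before any file is replaced.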



