ClickDimensions allows use of custom CNAMEs as described here but if you are looking to combine your CNAMEs with secure URLs for Emails (those beginning with HTTPS), then you will also need to setup an SSL Certificate for your Email CNAME. Our new SSL certificates feature allows you to upload your own SSL certificate so that you can still brand your links with your company's domain name instead of the ClickDimensions domain while still allowing for a secure connection via HTTPS.
SSL Certificates for Emails
Uploading a new SSL certificate
Navigate to Settings and Support > ClickDimensions Settings > SSL Certificates in CRM.
This will open the SSL Certificates area where you can upload your certificates:
Selecting the Email CNAME tab and clicking the Add New button will allow you to select an SSL certificate to upload.
SSL Certificate Setup and Requirements
First, you will need to set up a CNAME within your domain provider's settings. The following are what your Email CNAME needs to point to depending on the regional data center that you are registered for:
The appropriate Front Door URL should also appear under Target Endpoint when adding a new certificate. Once your CNAME is setup, you will need to generate the SSL certificate, upload this certificate by clicking the Upload option, and then select Verify and Add after filling in the certificate details.
The Notification Email field lets you enter an email address that will be alerted both 14 days and 30 days before your certificates are about to expire.
The Set as Default option will allow you to select an Email CNAME that will be used as the default for your Email Sends unless another CNAME is selected for that email, and only one Email CNAME can be set as the default.
CAUTION: Subject Alternative Names or SANs certificates and Self-signed certificates are not supported, and the certificate must be provided by a trusted Certificate Authority as shown at the end of the article.
Wildcard certificates are NOT supported for Email CNAMEs. Your SSL certificate must be issued directly to the CNAME.
Supported CNAME and SSL CN Examples:
SSL CN: email.customdomain.com
SSL Subject Alternative Names: We currently do not support this.
For further documentation on supported certificate and CNAME options, please refer to Microsoft's documentation here.
PFX files are the only supported certificate format for Email CNAMEs. PEM files are NOT supported for Email CNAMEs.
- .pfx file format is an archive file format for storing several cryptographic objects in a single file i.e. server certificate (issued for your domain), a matching private key, and may optionally include an intermediate CA.
Please note, if your certificate is missing the private key, the certificate will fail to upload.
In addition, the certificate must be greater than 30 days until expiration at the time of import. A certificate that is set to expire in 30 days or less will fail to upload.
You can then enter your certificate's password (if it has one set) to complete the upload process. Once you have filled in these fields, you will then have the option to 'Confirm and Add' your certificate.
After the SSL certificate has been uploaded, you can create a new Domain record for your CNAME if your existing domain records does not already include the email CNAME specified in the domain field from the import page.
Please note that, if your existing domain record in CRM does not already contain the email CNAME, this step must be done after uploading the certificate as the CNAME validation done during the domain record creation will fail as the CNAME is now pointing to the regional endpoint URL
You then will be able to use HTTPS with Email Sends using this CNAME 1 hour after this process completes.
Caution: When updating/replacing an existing SSL certificate, instead of performing an initial upload, it can take up to 72 hours for the SSL propagation to complete. This period will need to be accounted for when replacing a certificate that will expire within that time period. Please see this Microsoft article for additional details.
Updating SSL certificates
Once you have at least one uploaded certificate, then you can select an SSL Certificate by checking the checkbox next to the certificate name:
Once a certificate is selected, you will also have the options to Edit or Delete this certificate. Editing will allow you to update the details or re-upload an SSL certificate.
If you would like to remove a certificate, you must remove the CNAME alias with your DNS provider prior to removing the certificate. Failure to do so will result in an error.
Once that CNAME entry is removed, you can then navigate back into Settings and Support > ClickDimensions Settings > SSL Certificates and click the Delete button on the corresponding SSL certificate.
Please note that if you have uploaded the same SSL certificate into multiple environments, then removing the SSL certificate from one environment will remove the certificate from ALL environments. Due to this, you may want to consider using a different set of certificates for the environments where applicable and check each of your environments after removing a certificate to ensure that all of the appropriate certificates are still present.
Note: We bypass restrictions of subject line and manual upload certificate but we are working to check for alternative subject name.
Which Certificate Authorities do we allow?
The allowed authorities are listed here. These certificate authorities are determined by Azure FrontDoor, which is a Microsoft Service utilized by ClickDimensions for the creation of this service.
If I already have an existing Domain record in CRM with an Email alias, do I still need to create a new Domain record?
No, you do not need to create a new Domain record. Instead, you can simply purchase a certificate for that existing alias, point that CNAME alias to the appropriate regional endpoint mentioned at the beginning of the article, and then upload your certificate using the SSL Certificate option on the ClickDimensions Settings page.
|Feature Added: 12.9|
|Feature Updated: 12.9|