SSL Certificates for Emails

Uploading a new SSL certificate

Navigate to Settings and Support > ClickDimensions Settings > SSL Certificates in CRM.

This will open the SSL Certificates area where you can upload your certificates:

Selecting the Email CNAME tab and clicking the Add New button will allow you to select an SSL certificate to upload.

SSL Certificate Setup and Requirements

First, you will need to set up a CNAME within your domain provider's settings. The following are what your Email CNAME needs to point to depending on the regional data center that you are registered for:

• US: elink.clickdimensions.com

• EU: elinkeu.clickdimensions.com

• CA: elink.clickdimensions.com

• AU: elink.clickdimensions.com

The appropriate Front Door URL should also appear under Target Endpoint when adding a new certificate. Once your CNAME is setup, you will need to generate the SSL certificate, upload this certificate by clicking the Upload option, and then select Verify and Add after filling in the certificate details.

The Notification Email field lets you enter an email address that will be alerted both 14 days and 30 days before your certificates are about to expire.

The Set as Default option will allow you to select an Email CNAME that will be used as the default for your Email Sends unless another CNAME is selected for that email, and only one Email CNAME can be set as the default.

Self-signed certificates are not supported, and the certificate must be provided by a trusted Certificate Authority as shown at the end of the article.

Wildcard certificates are NOT supported for Email CNAMEs. Your SSL certificate must be issued directly to the CNAME.

Supported CNAME and SSL CN Examples:

SSL CN: email.customdomain.com

CNAME: email.customdomain.com

SSL Subject Alternative Names: We currently do not support this. 

For further documentation on supported certificate and CNAME options, please refer to Microsoft's documentation here. 

PFX files are the only supported certificate format for Email CNAMEs. PEM files are NOT supported for Email CNAMEs.

• .pfx file format is an archive file format for storing several cryptographic objects in a single file i.e. server certificate (issued for your domain), a matching private key, and may optionally include an intermediate CA.

Please note, if your certificate is missing the private key, the certificate will fail to upload. 

In addition, the certificate must be greater than 30 days until expiration at the time of import. A certificate that is set to expire in 30 days or less will fail to upload. 

You can then enter your certificate's password (if it has one set) to complete the upload process. Once you have filled in these fields, you will then have the option to 'Confirm and Add' your certificate.

After the SSL certificate has been uploaded, you can create a new Domain record for your CNAME if your existing domain records does not already include the email CNAME specified in the domain field from the import page. 

Please note that, if your existing domain record in CRM does not already contain the email CNAME, this step must be done after uploading the certificate as the CNAME validation done during the domain record creation will fail as the CNAME is now pointing to the regional endpoint URL

You then will be able to use HTTPS with Email Sends using this CNAME 1 hour after this process completes.

Caution: When updating/replacing an existing SSL certificate, instead of performing an initial upload, it can take up to 72 hours for the SSL propagation to complete. This period will need to be accounted for when replacing a certificate that will expire within that time period. Please see this Microsoft article for additional details.

Updating SSL certificates

Once you have at least one uploaded certificate, then you can select an SSL Certificate by checking the checkbox next to the certificate name:

Once a certificate is selected, you will also have the options to Edit or Delete this certificate. Editing will allow you to update the details or re-upload an SSL certificate.

If you would like to remove a certificate, you must remove the CNAME alias with your DNS provider prior to removing the certificate. Failure to do so will result in an error.

Once that CNAME entry is removed, you can then navigate back into Settings and Support > ClickDimensions Settings > SSL Certificates and click the Delete button on the corresponding SSL certificate.

Please note that if you have uploaded the same SSL certificate into multiple environments, then removing the SSL certificate from one environment will remove the certificate from ALL environments. Due to this, you may want to consider using a different set of certificates for the environments where applicable and check each of your environments after removing a certificate to ensure that all of the appropriate certificates are still present.

Note: We bypass restrictions of subject line and manual upload certificate but we are working to check for alternative subject name.