SSL certificates allow HTTPS to be enabled for a custom domain used in a CNAME. Our new SSL certificates feature allows you to upload your own SSL certificate so that you can still brand your links with your company's domain name instead of the ClickDimensions domain while still allowing for a secure connection via HTTPS. This is currently available for use with Web Content CNAMEs and multiple SSL certificates can be uploaded if you make use of multiple CNAMEs on different domains.
Uploading a new SSL certificate
Navigate to Settings and Support > ClickDimensions Settings > SSL Certificates in CRM.
This will open the SSL Certificates area where you can upload your certificates:
Clicking the Upload File or the Add Another SSL Certificate options will allow you to select an SSL certificate to upload.
SSL Certificate Setup and Requirements
First, you will need to set up a CNAME within your domain provider's settings. The following are what your CNAME needs to point to depending on the regional data center that you are registered for:
The appropriate Front Door URL should also appear under Azure Front Door Endpoint when adding a new certificate.
Once your CNAME is setup, you will need to generate the SSL certificate and upload this certificate by clicking the Upload File or the Add Another SSL Certificate options.
Self-signed certificates are not supported, and the certificate must be provided by a trusted Certificate Authority as shown at the end of the article.
Wildcard certificates are supported; however, you must specify the CNAME that points to the regional endpoint when filling out the Domain field on the import page, and NOT the wildcard domain. (ex. *.clickdimensions.com cannot be used as the domain).
Supported CNAME and SSL CN Examples:
SSL CN: *.customdomain.com
CNAME: web.customdomain.com, survey.customdomain.com, form.customdomain.com etc.
SSL CN: web.customdomain.com
SSL CN: *.web.customdomain.com
CNAME: survey.web.customdomain.com, form.web.customdomain.com
SSL Subject Alternative Names: We currently do not support this.
For further documentation on supported certificate and CNAME options, please refer to Microsoft's documentation here.
Supported certificate formats are PFX and PEM.
- .pem file format contains one or more X509 certificate files.
- .pfx file format is an archive file format for storing several cryptographic objects in a single file i.e. server certificate (issued for your domain), a matching private key, and may optionally include an intermediate CA.
Please note, if your certificate is missing the private key, the certificate will fail to upload.
In addition, the certificate must be greater than 30 days until expiration at the time of import. A certificate that is set to expire in 30 days or less will fail to upload.
You can then enter your certificate's password (if it has one set) to complete the upload process. Once you have filled in these fields, you will then have the option to 'Confirm and Add' your certificate.
After the SSL certificate has been uploaded, you can create a new Domain record for your CNAME if your existing domain records does not already include the web content CNAME specified in the domain field from the import page.
Please note that, if your existing domain record in CRM does not already contain the web content CNAME, this step must be done after uploading the certificate as the CNAME validation done during the domain record creation will fail as the CNAME is now pointing to the regional endpoint URL
You then will be able to use HTTPS with Web Content using this CNAME 1 hour after this process completes.
Updating SSL certificates
Once you have at least one uploaded certificate, the SSL Certificates screen will also update:
You will then be able to add a Notification Email that will be alerted both 14 days and 30 days before your certificates are about to expire. You will also have the options to Remove this certificate or use the Replace File option to change the certificate itself. If you have additional certificates that you would like to use, then you can use the Add Another SSL Certificate option to create another entry.
Removing SSL Certificates
If you would like to remove a certificate, you must remove the CNAME alias with your DNS provider prior to removing the certificate. Failure to do so will result in an error.
Once that CNAME entry is removed, you can then navigate back into Settings and Support > ClickDimensions Settings > SSL Certificates and click the Remove button on the corresponding SSL certificate.
Please note that if you have uploaded the same SSL certificate into multiple environments, then removing the SSL certificate from one environment will remove the certificate from ALL environments. Due to this, you may want to consider using a different set of certificates for the environments where applicable and check each of your environments after removing a certificate to ensure that all of the appropriate certificates are still present.
Please note: We bypass restrictions of subject line and manual upload certificate but we are working to check for alternative subject name.
Which Certificate Authorities do we allow?
The allowed authorities are listed here. These certificate authorities are determined by Azure FrontDoor, which is a Microsoft Service utilized by ClickDimensions for the creation of this service.
If I already have an existing Domain record in CRM with a Web Content alias, do I still need to create a new Domain record?
No, you do not need to create a new Domain record. Instead, you can simply purchase a certificate for that existing alias, point that CNAME alias to the regional endpoint mentioned at the beginning of the article, and then upload your certificate using the SSL Certificate option on the ClickDimensions Settings page.
|Feature Added: 11.3.0|
|Feature Updated: 12.6.0|
|ClickDimensions Version Needed: 11.3.0|