SSL certificates allow HTTPS to be enabled for a custom domain used in a CNAME. Our new SSL certificates feature allows you to upload your own SSL certificate so that you can still brand your links with your company's domain name instead of the ClickDimensions domain while still allowing for a secure connection via HTTPS. This is currently available for use with Web Content CNAMEs and multiple SSL certificates can be uploaded if you make use of multiple CNAMEs on different domains.
Uploading a new SSL certificate
Navigate to Settings and Support > ClickDimensions Settings > SSL Certificates in CRM.
This will open the SSL Certificates area where you can upload your certificates:
NOTE: For details regarding SSL certificates for Emails, please see our article here.
Selecting the Web Content CNAME tab and clicking the Add New button will allow you to select an SSL certificate to upload.
SSL Certificate Setup and Requirements
First, you will need to set up a CNAME within your domain provider's settings. The following are what your CNAME needs to point to depending on the regional data center that you are registered for:
Caution: If you have already uploaded an SSL certificate using the old cd-analytics.azurefd.net endpoint and you are replacing or renewing the existing certificate, then it will need to remain on the old endpoint instead of using one of the new regional endpoints.
Trying to change the endpoint to the newer endpoints while renewing the certificate may cause web content using the associated CNAME to become inaccessible.
The appropriate Front Door URL should also appear under Azure Front Door Endpoint when adding a new certificate.
The Notification Email field lets you enter an email address that will be alerted both 14 days and 30 days before your certificates are about to expire.
Once your CNAME is setup, you will need to generate the SSL certificate, upload this certificate by clicking the Upload option, and then select Verify and Add after filling in the certificate details.
CAUTION: Subject Alternative Names or SANs certificates and Self-signed certificates are not supported, and the certificate must be provided by a trusted Certificate Authority as shown at the end of the article.
Wildcard certificates are supported; however, you must specify the CNAME that points to the regional endpoint when filling out the Domain field on the import page, and NOT the wildcard domain. (ex. *.clickdimensions.com cannot be used as the domain).
Supported CNAME and SSL CN Examples:
SSL CN: *.customdomain.com
CNAME: web.customdomain.com, survey.customdomain.com, form.customdomain.com etc.
SSL CN: web.customdomain.com
SSL CN: *.web.customdomain.com
CNAME: survey.web.customdomain.com, form.web.customdomain.com
SSL Subject Alternative Names: We currently do not support this.
For further documentation on supported certificate and CNAME options, please refer to Microsoft's documentation here.
Supported certificate formats are PFX and PEM.
- .pem file format contains one or more X509 certificate files.
- .pfx file format is an archive file format for storing several cryptographic objects in a single file i.e. server certificate (issued for your domain), a matching private key, and may optionally include an intermediate CA.
Please note, if your certificate is missing the private key, the certificate will fail to upload.
In addition, the certificate must be greater than 30 days until expiration at the time of import. A certificate that is set to expire in 30 days or less will fail to upload.
You can then enter your certificate's password (if it has one set) to complete the upload process. Once you have filled in these fields, you will then have the option to 'Confirm and Add' your certificate.
After the SSL certificate has been uploaded, you can create a new Domain record for your CNAME if your existing domain records does not already include the web content CNAME specified in the domain field from the import page.
Please note that, if your existing domain record in CRM does not already contain the web content CNAME, this step must be done after uploading the certificate as the CNAME validation done during the domain record creation will fail as the CNAME is now pointing to the regional endpoint URL
You then will be able to use HTTPS with Web Content using this CNAME 1 hour after this process completes.
Caution: When updating/replacing an existing SSL certificate, instead of performing an initial upload, it can take up to 72 hours for the SSL propagation to complete. This period will need to be accounted for when replacing a certificate that will expire within that time period. Please see this Microsoft article for additional details.
Updating and Removing SSL certificates
Once you have at least one uploaded certificate, then you can select an SSL Certificate by checking the checkbox next to the certificate name:
Once a certificate is selected, you will also have the options to Edit or Delete this certificate. Editing will allow you to update the details or re-upload an SSL certificate.
If you would like to remove a certificate, you must remove the CNAME alias with your DNS provider prior to removing the certificate. Failure to do so will result in an error.
Once that CNAME entry is removed, you can then navigate back into Settings and Support > ClickDimensions Settings > SSL Certificates and click the Delete button on the corresponding SSL certificate.
Please note that if you have uploaded the same SSL certificate into multiple environments, then removing the SSL certificate from one environment will remove the certificate from ALL environments. Due to this, you may want to consider using a different set of certificates for the environments where applicable and check each of your environments after removing a certificate to ensure that all of the appropriate certificates are still present.
Please note: We bypass restrictions of subject line and manual upload certificate but we are working to check for alternative subject name.
Which Certificate Authorities do we allow?
The allowed authorities are listed here. These certificate authorities are determined by Azure FrontDoor, which is a Microsoft Service utilized by ClickDimensions for the creation of this service.
If I already have an existing Domain record in CRM with a Web Content alias, do I still need to create a new Domain record?
No, you do not need to create a new Domain record. Instead, you can simply purchase a certificate for that existing alias, point that CNAME alias to the regional endpoint mentioned at the beginning of the article, and then upload your certificate using the SSL Certificate option on the ClickDimensions Settings page.
|Feature Added: 11.3.0|
|Feature Updated: 12.9.0|
|ClickDimensions Version Needed: 11.3.0|