SSL certificates allow HTTPS to be enabled for a custom domain used in a CNAME. Our new SSL certificates feature allows you to upload your own SSL certificate so that you can still brand your links with your company's domain name instead of the Click domain while still allowing for a secure connection via HTTPS. This is currently available for use with Web Content CNAMEs and multiple SSL certificates can be uploaded if you make use of multiple CNAMEs on different domains.
Setup a Web Content CNAME
Web Content CNAMEs are used to brand links to web content records (Forms, Surveys, Landing Pages, and Subscription Management Pages). Form, Survey, and Subscription Page submissions will be properly recorded in Dynamics even if there is not a web content CNAME set up, but without the Web Content CNAME, the page views for these records may not correctly associate with the lead or contact visiting your site since the domain of the web content URL is a different domain than the one used in the Click tracking script on your website.
NOTE: When a Web Content CNAME isn't setup along with an SSL certificate, the Web Content URL will be HTTPS, but will use the default Click CNAME and won't be branded with your domain. If you want your Web Content URL to be HTTPS and be branded with your domain, you will need to setup an SSL certificate for your CNAME or use the default link format rather than a CNAME.
To use the default link, you can either associate a Domain record that does not include a Web Content CNAME value with the Web Content record, or you can manually modify the link. For example, http://web.mycompany.com/exampleformlink would be manually updated to https://analytics.clickdimensions.com/exampleformlink
WARNING: Proxied CNAME's are not supported by ClickDimensions.
Goals
- Determine what your Web Content CNAME should point to
- Set up your Web Content CNAME in your DNS Host
- Add your Web Content CNAME to CRM
Uploading a new SSL certificate
Navigate to Settings and Support > ClickDimensions Settings > SSL Certificates in CRM.
This will open the SSL Certificates area where you can upload your certificates:
NOTE: For details regarding SSL certificates for Emails, please see our article here.
Selecting the Web Content CNAME tab and clicking the Add New button will allow you to select an SSL certificate to upload.
What should your Web Content CNAME point to?
In order for your links to work properly once a CNAME has been applied to them, the CNAME you set up in your DNS host will need to be configured to point to a specific value. This can vary depending on where your account is deployed (which data center was chosen during deploying the Click solution), so you'll need to check to see what the default value is.
US Data Center | cd-analytics-us.azurefd.net |
EU Data Center | cd-analytics-eu.azurefd.net |
AU Data Center | cd-analytics-au.azurefd.net |
CAN Data Center | cd-analytics-ca.azurefd.net |
Create your Web Content CNAME
- Dynamics 365
- Legacy View
Go to your hosting service's DNS manager and create a new CNAME entry to redirect the Web Content CNAME value you would like in your embedded content links (e.g. web.mycompany.com) to the appropriate value for your data center as listed in the previous table.
Here's an example of adding the CNAMEs for a domain whose DNS is hosted by GoDaddy:
Create your Domain Record
Unlike the Email CNAME, which is added to Dynamics under DNS Settings within ClickDimensions Settings, Web Content CNAMEs are added to the Domain record that you created for web tracking.
Wait 60 minutes after adding the appropriate entry to your DNS and then go to the ClickDimensions Settings under the Settings & Support in the left sidebar.
Go Settings & Support > Domains
Then insert the new CNAME into the Web Content CNAME field of the corresponding Domain Record.
NOTE: The Domain field should contain an actual domain name value, and should not have http:// or 'www' in it. It should just be a domain, like mycompany.com.
To be sure your Web Content CNAME is working, you can click the Test Alias button on the ribbon.
The 'Test Alias' button specifically checks to see if the Web Content CNAME points to the proper Click endpoint. Due to this, you will receive an 'Invalid CNAME' error when testing CNAMEs that point to the cd-analytics-XX.azurefd.net URL if an SSL certificate hasn't yet been uploaded in ClickDimensions Settings for your Web Content CNAME, but your Domain and CNAME should still work.
If everything looks good, you'll receive this message in return:
If you get an error Unable to connect, make sure the value you entered in the Web Content CNAME field actually resolves to cd-analytics-us.azurefd.net (cd-analytics-eu.azurefd.net for EU data center, cd-analytics-au.azurefd.net for Australia data center). Click here to see how to use your computer's command prompt to check this.
Go to your hosting service's DNS manager and create a new CNAME entry to redirect the Web Content CNAME value you would like in your embedded content links (e.g. web.mycompany.com) to the appropriate value for your data center as listed in the previous table.
Here's an example of adding the CNAMEs for a domain whose DNS is hosted by GoDaddy:
Create your Domain Record (Dynamics 2011/2013/2015)
Unlike the Email CNAME, which is added to Dynamics under DNS Settings within ClickDimensions Settings, Web Content CNAMEs are added to the Domain record that you created for web tracking.
Wait 60 minutes and then go to the ClickDimensions Settings in your Microsoft CRM settings area and insert the new CNAME into the Web Content CNAME field of the corresponding Domain Record.
NOTE: The Domain field should contain an actual domain name value, and should not have http:// or 'www' in it. It should just be a domain, like mycompany.com.
To be sure your Web Content CNAME is working, you can click the Test Alias button on the ribbon.
The 'Test Alias' button specifically checks to see if the Web Content CNAME points to one of the region-specific versions of the cd-analytics-**.azurefd.net URL, where ** refers to your data center. Due to this, you will receive an 'Invalid CNAME' error when testing CNAMEs that point to the cd-analytics.azurefd.net URL but your Domain and CNAME should still work.
If everything looks good, you'll receive this message in return:
If you get an error Unable to connect, make sure the value you entered in the Web Content CNAME field actually resolves to the proper URL provided above based on your data center, for example, cd-analytics-eu.azurefd.net if you are using our EU data center, or cd-analytics-au.azurefd.net if you are using our Australia data center. Click here to see how to use your computer's command prompt to check this.
NOTE: If you have an internal DNS server on your network, your network administrator will need to also create CNAME entries for your internal network if you want these links to work for your users. (The branded links are intended for recipients, but if you plan on testing links in emails and forms, you will need to be able to reach these addresses inside your network too.)
SSL Certificate Setup and Requirements
Caution: If you have already uploaded an SSL certificate using the old cd-analytics.azurefd.net endpoint and you are replacing or renewing the existing certificate, then it will need to remain on the old endpoint instead of using one of the new regional endpoints.
Trying to change the endpoint to the newer endpoints while renewing the certificate may cause web content using the associated CNAME to become inaccessible.
The appropriate Front Door URL should also appear under Azure Front Door Endpoint when adding a new certificate.
The Notification Email field lets you enter an email address that will be alerted both 14 days and 30 days before your certificates are about to expire.
Once your CNAME is setup, you will need to generate the SSL certificate, upload this certificate by clicking the Upload option, and then select Verify and Add after filling in the certificate details.
CAUTION: Subject Alternative Names or SANs certificates and Self-signed certificates are not supported, and the certificate must be provided by a trusted Certificate Authority as shown at the end of the article.
Wildcard certificates are supported; however, you must specify the CNAME that points to the regional endpoint when filling out the Domain field on the import page, and NOT the wildcard domain. (ex. *.clickdimensions.com cannot be used as the domain).
Supported CNAME and SSL CN Examples:
SSL CN: *.customdomain.com
CNAME: web.customdomain.com, survey.customdomain.com, form.customdomain.com etc.
SSL CN: web.customdomain.com
CNAME: web.customdomain.com
SSL CN: *.web.customdomain.com
CNAME: survey.web.customdomain.com, form.web.customdomain.com
SSL Subject Alternative Names: We currently do not support this.
For further documentation on supported certificate and CNAME options, please refer to Microsoft's documentation here.
Supported certificate formats are PFX and PEM.
- .pem file format contains one or more X509 certificate files.
- .pfx file format is an archive file format for storing several cryptographic objects in a single file i.e. server certificate (issued for your domain), a matching private key, and may optionally include an intermediate CA.
Please note, if your certificate is missing the private key, the certificate will fail to upload.
In addition, the certificate must be greater than 30 days until expiration at the time of import. A certificate that is set to expire in 30 days or less will fail to upload.
You can then enter your certificate's password (if it has one set) to complete the upload process. Once you have filled in these fields, you will then have the option to 'Confirm and Add' your certificate.
After the SSL certificate has been uploaded, you can create a new Domain record for your CNAME if your existing domain records does not already include the web content CNAME specified in the domain field from the import page.
Please note that, if your existing domain record in CRM does not already contain the web content CNAME, this step must be done after uploading the certificate as the CNAME validation done during the domain record creation will fail as the CNAME is now pointing to the regional endpoint URL
You then will be able to use HTTPS with Web Content using this CNAME 1 hour after this process completes.
CAUTION: When updating/replacing an existing SSL certificate, instead of performing an initial upload, it can take up to 72 hours for the SSL propagation to complete. This period will need to be accounted for when replacing a certificate that will expire within that time period. Please see this Microsoft article for additional details.
Updating and Removing SSL certificates
Once you have at least one uploaded certificate, then you can select an SSL Certificate by checking the checkbox next to the certificate name:
Once a certificate is selected, you will also have the options to Edit or Delete this certificate. Editing will allow you to update the details or re-upload an SSL certificate.
If you would like to remove a certificate, you must remove the CNAME alias with your DNS provider prior to removing the certificate. Failure to do so will result in an error.
Once that CNAME entry is removed, you can then navigate back into Settings and Support > ClickDimensions Settings > SSL Certificates and click the Delete button on the corresponding SSL certificate.
CAUTION: if you have uploaded the same SSL certificate into multiple environments, then removing the SSL certificate from one environment will remove the certificate from ALL environments. Due to this, you may want to consider using a different set of certificates for the environments where applicable and check each of your environments after removing a certificate to ensure that all of the appropriate certificates are still present.
Please note: We bypass restrictions of subject line and manual upload certificate but we are working to check for alternative subject name.
FAQs
Which Certificate Authorities do we allow?
The allowed authorities are listed here. These certificate authorities are determined by Azure FrontDoor, which is a Microsoft Service utilized by Click for the creation of this service.
If I already have an existing Domain record in Dynamics with a Web Content alias, do I still need to create a new Domain record?
No, you do not need to create a new Domain record. Instead, you can simply purchase a certificate for that existing alias, point that CNAME alias to the regional endpoint mentioned at the beginning of the article, and then upload your certificate using the SSL Certificate option on the ClickDimensions Settings page.
Feature Added: 11.3.0 |
Feature Updated: 12.9.0 |
Click Version Needed: 11.3.0 |