Once you have delegated a domain to Adobe for sending email (see Domain name setup), Adobe will create and use certain subdomains for specific functions.
For example, if you have delegated email.example.com to Adobe for sending emails, Adobe will create subdomains such as the following:
It is recommended to secure these domains via SSL (HTTPS). Indeed, unsecured links (HTTP) are vulnerable to interception and will flag up warnings on modern browsers.
To install SSL certificates on these subdomains, the process involves requesting a CSR file and subsequently purchasing SSL certificates for Adobe to install or renew.
Before installing an SSL certificate, make sure you are aware of the prerequisites listed on this page.
Adobe only supports up to 2048-bit certificates. 4096-bit certificates are not yet supported.
Term | Description |
---|---|
CA (Certificate Authority) | An SSL certificate provider that issues digital certificates to organizations or individuals after verifying their identity, such as DigiCert, Symantec, etc.
|
Chain certificate | A certificate which includes a root certificate and one or more intermediate certificates is called a chain (or chained) certificate. |
CSR (Certificate Signing Request) | A block of encoded text that is given to a Certificate Authority when applying for an SSL certificate. It is usually generated on the server where the certificate is installed. |
DER (Distinguished Encoding Rules) | A certificate extension type. The .der extension is used for binary DER encoded certificates. These files may also support the .cer or .crt extension. |
EV (Extended Validation) certificate | An EV certificate is a new type of certificate that is designed to prevent phishing attacks. It requires extended validation of your business and of the person ordering the certificate. |
High assurance certificate | High assurance certificates are issued by the CA after verifying ownership of the domain name and valid business registration. |
Intermediate CA | A Certificate Authority of intermediate certificates included in a chain certificate. |
Intermediate certificate | A Certificate Authority issues certificates in the form of a tree structure. The root certificate is the top-most certificate of the tree. Any certificate between your certificate and the root certificate is called a chain or intermediate certificate. |
Low assurance certificate | A low assurance certificate, also referred as domain validated certificate, includes only the domain name in the certificate (and not the business/organization name). |
PEM (Privacy Enhanced Mail) | A certificate with a .pem extension which contains ASCII (Base64) data. Such certificates start with a " - - - - - BEGIN CERTIFICATE - - - - -" line. |
Root certificate | A Certificate Authority issues certificates in the form of a tree structure. The root certificate is the top-most certificate of the tree. |
SAN (Subject Alternative Name) | The subject alternative names are additional host names (sites, IP addresses, common names, etc.) that should be signed as part of a single SSL certificate. |
Self-signed certificate | A certificate that is signed by the person creating it rather than a trusted certificate authority. Self-signed certificates can enable the same level of encryption as a certificate signed by a CA, but there are two major drawbacks:
|
SSL (Secure Sockets Layer) | The standard security technology for establishing an encrypted link between a web server and a browser. |
Wildcard certificate | A wildcard certificate can secure an unlimited number of first-level subdomains on a single domain name, such as *.adobe.com. |
You must identify the domain names and the functions (tracking, mirror pages, webapps, etc.) to secure.
Adobe can help in defining the domain names and functions to involve. For more information, contact your Adobe Account Team.
To obtain a CSR (Certificate Signing Request) file, follow the steps below.
If you have access to the Control Panel, follow the instructions on this page to generate and download a CSR file from the Control Panel.
Otherwise, create a Support ticket via https://adminconsole.adobe.com/ to obtain a CSR file from Adobe Customer Care for the required subdomain(s).
Here are a few best practices to follow:
You will need to provide the following information.
All the fields indicated in the tables below must be filled in. Otherwise, the CSR request cannot be processed.
Information to provide with the assistance of the Adobe team:
Information to provide | Example value | Note |
---|---|---|
Client Name | My Company Inc. | Name of your organization. This field is used by Adobe for tracking your request (it will not be part of the CSR/SSL certificate). |
Adobe Campaign Environment URL | https://client-mid-prod1.campaign.adobe.com | Adobe Campaign instance URL. |
Common Name [CN] | t.subdomain.customer.com | This can be any of the relevant domains, but usually the tracking domain. |
Subject Alternative Name [SAN] | t.subdomain.customer.com | Make sure to include tracking subdomain as a SAN. |
Subject Alternative Name [SAN] | m.subdomain.customer.com | |
Subject Alternative Name [SAN] | res.subdomain.customer.com |
Information to provide by your IT/SSL internal team:
Information to provide | Example value | Note |
---|---|---|
Country [C] | US | This must be a two-letter code. Access the full country list here.Note: For United Kingdom, use GB (not UK). |
State (or Province Name) [ST] | Illinois | If applicable. The value must be a full name, not abbreviated. |
City/Locality Name [L] | Chicago | |
Organization Name [O] | ACME | |
Organizational Unit Name [OU] | IT |
Replace “subdomain.customer.com” with your delegated subdomain, and the other example values with the appropriate values.
After submitting your request with the relevant information, Adobe generates and provides you with a Certificate Signing Request (CSR) file.
The text in the resulting CSR file must start with “-----BEGIN CERTIFICATE REQUEST-----”.
Once you receive the CSR file from Adobe, follow the steps below:
Once the CSR file is provided, you must purchase and generate an SSL certificate for the appropriate domains using the CSR file.
If you are using your own internal tools or a portal provided by a CA to request the certificate, make sure to use the same details as provided in the CSR request to avoid any delays or discrepancies in the certificate generation process.
Once the SSL certificate is generated, you must validate it before sending it to Adobe. To do so, follow the steps below:
If you have access to the Control Panel, follow the instructions on this page to upload the certificate to Control Panel.
Otherwise, create another Support ticket via https://adminconsole.adobe.com/ to request Adobe to install the certificate on the Adobe server(s).
You’ll need to provide:
Once the SSL certificate is installed and confirmed by Adobe Customer Care, make sure that it has been successfully installed for all URLs.
Perform the tests below before closing the SSL installation ticket. Also make sure you update any specific configuration as instructed in this section.
Navigate to the following URLs in your browser (replace “subdomain.customer.com” with your subdomain):
A successful result gives environment information, and the address bar in the URL indicates that the connection is secure. For example, you can see the following message in Google Chrome:
If the SSL certificate is not installed properly, the following warning is displayed:
You can check the validity period of the certificate in your browser. For example, in Google Chrome, click Secure > Certificate.
It is your responsibility to check the validity period. Adobe recommends you implement a process to monitor certificate expiry. Learn more on what happens when your SSL certificate expires in this article.
Create a Support ticket to request an updated certificate at least two weeks before the certificate expiry date. You do not need to request an additional CSR, unless the CSR details have changed.
If you have access to the Control Panel, and if your environment is hosted by Adobe in an AWS environment, you can use the Control Panel to renew the certificate before it expires. Learn more in this section.
Once you are confident the requested SSL certificates are installed properly, you can update all references in Adobe Campaign from HTTP to HTTPS.
For Campaign Classic, the URLs to update are mainly located in the Deployment wizard and in the External accounts (tracking, mirror page, and public resource domains). For Campaign Standard, refer to Branding configuration.
Once configurations are updated, new emails will be sent with HTTPS URLs rather than HTTP. To check the URLs are now secure, you can quickly perform the following tests:
Campaign Classic
Campaign Standard