常見問題集
下列資訊回答有關在Target中請求和實作CNAME支援的常見問題:
我可以提供我自己的憑證(自備憑證或BYOC)嗎?
您可以提供自己的憑證。 不過,Adobe不建議使用此作法。 如果Adobe購買並控制憑證,Adobe和您都能更輕鬆地管理SSL憑證生命週期。 SSL憑證必須每年續約。 因此,Adobe Client Care必須每年與您連絡,才能及時取得新憑證。 有些客戶可能難以及時產生更新的憑證。 憑證過期時,因為瀏覽器拒絕連線,所以您的Target實作已受到危害。
我的新SSL憑證要多久才會過期?
所有Adobe購買的憑證都有效期為一年。 如需詳細資訊,請參閱DigiCert關於1年憑證的文章。
我應該選擇哪些主機名稱? 每個網域應該選擇幾個主機名稱?
Target CNAME實作只需要SSL憑證和客戶的DNS中每個網域有一個主機名稱。 Adobe建議每個網域使用一個主機名稱。 有些客戶出於其自身目的(例如在測試環境中測試)而要求每個網域有更多主機名稱,此做法受到支援。
大多數客戶選擇類似target.example.com
的主機名稱。 Adobe建議您遵循此作法,但最終還是由您來決定。 請勿要求現有DNS記錄的主機名稱。 這樣做會造成衝突,並延遲解決Target CNAME要求的時間。
我已經有Adobe Analytics的CNAME實作,可以使用相同的憑證或主機名稱嗎?
否,Target需要個別的主機名稱和憑證。
我目前的Target實作是否會受到ITP 2.x影響?
Apple智慧型追蹤預防(ITP) 2.3版匯入了CNAME遮蔽緩解功能,此功能可偵測Target CNAME實作,並將Cookie的有效期縮短為七天。 目前Target沒有ITP CNAME遮罩緩解的因應措施。 如需有關ITP的詳細資訊,請參閱Apple智慧型追蹤預防(ITP) 2.x。
部署CNAME實作時,可能會發生哪些服務中斷?
部署憑證時沒有服務中斷(包括憑證續約)。
不過,當您將Target實作程式碼( at.js中的serverDomain
)中的主機名稱變更為新的CNAME主機名稱(target.example.com
)後,網頁瀏覽器會將回頭的訪客視為新訪客。 回訪訪客的設定檔資料遺失,因為舊主機名稱(clientcode.tt.omtrdc.net
)下的先前Cookie無法存取。 由於瀏覽器安全模式的緣故,無法存取先前的Cookie。 這種中斷只會在初次切換至新CNAME時發生。 憑證更新不會產生相同的效果,因為主機名稱不會變更。
我的CNAME實作使用什麼金鑰型別和憑證簽章演演算法?
所有憑證預設為RSA SHA-256,金鑰則為RSA 2048位元。 目前不支援大於2048位元的金鑰大小。
如何驗證我的CNAME實作準備好進行流量?
使用以下命令集(在macOS或Linux命令列終端機中,使用bash和curl >=7.49):
-
將此Bash函式複製並貼到您的終端機中,或將函式貼到您的Bash啟動指令碼檔案中(通常是
~/.bash_profile
或~/.bashrc
),以便該函式可在終端機工作階段中使用:function adobeTargetCnameValidation { local hostname="$1" if [ -z "$hostname" ]; then echo "ERROR: no hostname specified" return 1 fi local service="Adobe Target CNAME implementation" local edges="41 42 44 45 46 47 48" local edgeDomain="tt.omtrdc.net" local edgeFormat="mboxedge%d%s.$edgeDomain" local poolDomain="pool.data.adobedc.net" local shards=5 local shardsFoundCount=0 local shardsFound="" local shardsFoundOutput="" local curlRegex="subject:.*CN=|expire date:|issuer:" local curlValidation="SSL certificate verify ok" local curlResponseValidation='"OK"' local curlEndpoint="/uptime?mboxClient=uptime3" local url="https://$hostname$curlEndpoint" local sslShopperUrl="https://www.sslshopper.com/ssl-checker.html#hostname=$hostname" local success="✅" local failure="🚫" local info="🔎" local rule="=" local horizontalRule="$(seq ${COLUMNS:-30} | xargs printf "$rule%.0s")" local miniRule="$(seq 5 | xargs printf "$rule%.0s")" local curlVersion="$(curl --version | head -1 | cut -d' ' -f2)" local curlVersionRequired=7.49 local edgeCount="$(wc -w <<< "$edges" | tr -d ' ')" local cnameExists="" local endToEndTestSucceeded="" for region in IRL1 IND1 SIN OR SYD VA TYO; do local currShard="${region}-${poolDomain}" local curlResult="$(curl -vsm20 --connect-to "$hostname:443:$currShard:443" "$url" 2>&1)" if grep -q "$curlValidation" <<< "$curlResult"; then shardsFound+=" $currShard" if grep -q "$curlResponseValidation" <<< "$curlResult"; then shardsFoundCount=$((shardsFoundCount+1)) shardsFoundOutput+="\n\n$miniRule $success $hostname [edge shard: $currShard] $miniRule\n" else shardsFoundOutput+="\n\n$miniRule $failure $hostname [edge shard: $currShard] $miniRule\n" fi shardsFoundOutput+="$(grep -E "$curlRegex" <<< "$curlResult" | sort)" if ! grep -q "$curlResponseValidation" <<< "$curlResult"; then shardsFoundOutput+="\nERROR: unexpected HTTP response from this shard using $url" fi fi done echo echo "$horizontalRule" echo echo "$service validation for hostname $hostname:" local dnsOutput="$(dig -t CNAME +short "$hostname" 2>&1)" if grep -qFi ".$edgeDomain" <<< "$dnsOutput"; then echo "$success $hostname passes DNS CNAME validation" cnameExists=true else echo -n "$failure $hostname FAILED DNS CNAME validation -- " if [ -n "$dnsOutput" ]; then echo -e "$dnsOutput is not in the subdomain $edgeDomain" else echo "required DNS CNAME record pointing to <target-client-code>.$edgeDomain not found" fi fi for region in IRL1 IND1 SIN OR SYD VA TYO; do local curlResult="$(curl -vsm20 --connect-to "$hostname:443:${region}-pool.data.adobedc.net:443" "https://$hostname$curlEndpoint" 2>&1)" if grep -q "$curlValidation" <<< "$curlResult"; then if grep -q "$curlResponseValidation" <<< "$curlResult"; then echo -en "$success $hostname passes TLS and HTTP response validation for region $region" if [ -n "$cnameExists" ]; then echo else echo " -- the DNS CNAME is not pointing to the correct subdomain for ${service}s with Adobe-managed certificates" \ "(bring-your-own-certificate implementations don't have this requirement), but this test passes as configured" fi endToEndTestSucceeded=true else echo -n "$failure $hostname FAILED HTTP response validation for region $region --" \ "unexpected response from $url -- " if [ -n "$cnameExists" ]; then echo "DNS is NOT pointing to the correct shard, notify Adobe Client Care" else echo "the required DNS CNAME record is missing, see above" fi fi else echo -n "$failure $hostname FAILED TLS validation for region $region -- " if [ -n "$cnameExists" ]; then echo "DNS is likely NOT pointing to the correct shard or there's a validation issue with the certificate or" \ "protocols, see curl output below and optionally SSL Shopper ($sslShopperUrl):" echo "" echo "$horizontalRule" echo "$curlResult" | sed 's/^/ /g' echo "$horizontalRule" echo "" else echo "the required DNS CNAME record is missing, see above" fi fi done if [ "$shardsFoundCount" -ge "$edgeCount" ]; then echo -n "$success $hostname passes shard validation for the following $shardsFoundCount edge shards:" echo -e "$shardsFoundOutput" echo if [ -n "$cnameExists" ] && [ -n "$endToEndTestSucceeded" ]; then echo "$horizontalRule" echo "" echo " For additional TLS/SSL validation, see SSL Shopper:" echo "" echo " $info $sslShopperUrl" echo "" echo " To check DNS propagation around the world, see whatsmydns.net:" echo "" echo " $info DNS A records: https://whatsmydns.net/#A/$hostname" echo " $info DNS CNAME record: https://whatsmydns.net/#CNAME/$hostname" fi else echo -n "$failure $hostname FAILED shard validation -- shards found: $shardsFoundCount," \ "expected: $edgeCount" echo "" fi echo echo "$horizontalRule" echo }
-
貼上此命令(將
target.example.com
取代為您的主機名稱):adobeTargetCnameValidation target.example.com
如果實作準備就緒,您會看到如下所示的輸出。 重要的一點是,所有驗證狀態行都顯示
✅
而非🚫
。 每個Target Edge CNAME分片都應該顯示CN=target.example.com
,這符合要求的憑證上的主要主機名稱(憑證上的其他SAN主機名稱不會列印在此輸出中)。$ adobeTargetCnameValidation target.example.com ========================================================== Adobe Target CNAME implementation validation for hostname target.example.com: ✅ target.example.com passes DNS CNAME validation ✅ target.example.com passes TLS and HTTP response validation for region IRL1 ✅ target.example.com passes TLS and HTTP response validation for region IND1 ✅ target.example.com passes TLS and HTTP response validation for region SIN ✅ target.example.com passes TLS and HTTP response validation for region OR ✅ target.example.com passes TLS and HTTP response validation for region SYD ✅ target.example.com passes TLS and HTTP response validation for region VA ✅ target.example.com passes TLS and HTTP response validation for region TYO ✅ target.example.com passes shard validation for the following 7 edge shards: ===== ✅ target.example.com [edge shard: IRL1-pool.data.adobedc.net] ===== * expire date: Feb 20 23:59:59 2026 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 * subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com ===== ✅ target.example.com [edge shard: IND1-pool.data.adobedc.net] ===== * expire date: Feb 20 23:59:59 2026 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 * subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com ===== ✅ target.example.com [edge shard: SIN-pool.data.adobedc.net] ===== * expire date: Feb 20 23:59:59 2026 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 * subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com ===== ✅ target.example.com [edge shard: OR-pool.data.adobedc.net] ===== * expire date: Feb 20 23:59:59 2026 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 * subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com ===== ✅ target.example.com [edge shard: SYD-pool.data.adobedc.net] ===== * expire date: Feb 20 23:59:59 2026 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 * subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com ===== ✅ target.example.com [edge shard: VA-pool.data.adobedc.net] ===== * expire date: Feb 20 23:59:59 2026 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 * subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com ===== ✅ target.example.com [edge shard: TYO-pool.data.adobedc.net] ===== * expire date: Feb 20 23:59:59 2026 GMT * issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 * subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com ========================================================== For additional TLS/SSL validation, see SSL Shopper: 🔎 https://www.sslshopper.com/ssl-checker.html#hostname=target.example.com To check DNS propagation around the world, see whatsmydns.net: 🔎 DNS A records: https://whatsmydns.net/#A/target.example.com 🔎 DNS CNAME record: https://whatsmydns.net/#CNAME/target.example.com
dig target.example.com
命令或G Suite Toolbox來查詢您特定的TTL。 若要檢查全球的DNS傳播,請參閱whatsmydns.net。