Renew SSL certificates
The SSL certificate renewal process includes 3 steps:
-
Generation of the Certificate Signing Request (CSR)
Certificate Signing Request has to be generated for the instance and subdomains you are planning to secure prior to purchasing a certificate. You will need to provide some information required to generate the CSR (such as Common Name, Organization Name and address, etc.). Learn more
-
Purchase of the SSL certificate
Once the CSR is generated, you can use it to purchase the SSL certificate from the Certificate Authority that your company approves.
-
Installation of the SSL certificate
Install the purchased SSL certificate on the desired subdomain to secure them. Learn more
Discover this feature in video using Campaign v7/v8 or Campaign Standard
Related topics:
Generate the CSR
To generate a Certificate Signing Request (CSR), follow these steps:
-
In the Subdomains & Certificates card, select the desired instance, then click the Manage Certificate button.
-
Select 1 - Generate a CSR, then click Next to launch the wizard that will guide you through the CSR generation process.
-
A form displays, with all the details required to generate your CSR.
Make sure you fill in the requested information fully and accurately, otherwise the certificate may not be renewed (contact your internal team, Security and IT teams if necessary), then click Next.
- Organization: official organization name.
- Organization Unit: unit linked to the subdomain (example: Marketing, IT).
- Instance (pre-filled): URL of the Campaign instance associated to the subdomain.
- Common name: the common name is selected by default, you can select one of the subdomains if necessary.
-
Select the subdomains to include into the CSR, then click OK.
-
The selected subdomains display in the list. For each of them, select the subdomains to include, then click Next.
-
A summary of the subdomains to include in the CSR displays. Click Submit to confirm your request.
note note NOTE The Copy CSR content button allows you to copy all information related to the CSR (Org ID, instance, organization name, common name, included subdomains etc.) -
The .csr file corresponding to your selection is automatically generated and downloaded. You can now use it to purchase the SSL certificate from the Certificate Authority that your company approves. If you need to download CSR again, follow the steps detailed in this section.
Once your CSR has been generated and downloaded, you can use it to purchase an SSL certificate from a Certificate Authority approved by your organization.
After the SSL certificate has been purchased, you will be able to install it on your instance to secure your subdomain. Learn more
Download the CSR
In order to purchase an SSL certificate, you first need to download the Certificate Signing Request. CSR is automatically downloaded after it has been generated. You can also download it again at any time from the Job Logs:
-
In the Job Logs, select the Finished tab, then filter the list in order to display jobs related to subdomains management.
-
Open the job corresponding to the generation of the CSR, then click the Downbload link to get the .csr file.
Install the SSL certificate
Once an SSL certificate has been purchased, you can install it on your instance. Before proceeding, make sure you are aware of the prerequisites below:
-
The Certificate Signing Request (CSR) must have been generated from the Control Panel. Otherwise, you will not be able to install the certificate from the Control Panel.
-
The certificate Signing Request (CSR) should match the subdomain that has been configured to work with Adobe. For example, it cannot contain more subdomains than the one that has been configured.
-
The certificate should have a current date. It is not possible to install certificates with dates in the future, and should not be expired (i.e. valid start and end dates).
-
The certificate should be issued by a trusted certificate authority (CA) such as Comodo, DigiCert, GoDaddy, etc.
-
The size of the certificate should be 2048 bits and the algorithm should be RSA.
-
The certificate should be in X.509 PEM format.
-
SAN certificates are supported.
-
Wildcard certificates are not supported.
-
The ZIP file or the certificate should not be password protected.
-
The ZIP file should only contain the following in preferably individual files:
- End-Entity Certificate.
- Intermediate Certificate Chain (arranged in proper order).
- Root certificate (Optional).
To install the certificate, follow these steps:
-
In the Subdomains & Certificates card, select the desired instance, then click the Manage Certificate button.
-
Select 3 - Install Certificate Bundle, then click Next to launch the wizard that will guide you through the certificate installation process.
-
Select the .zip file that contains the certificate to install, then click Submit.
Once the SSL certificate is installed, the certificate’s expiration date and status icon are updated accordingly.