The recommended process for implementing a new first-party SSL certificate for first-party cookies.
The Adobe Managed Certificate program lets you implement a new first-party SSL certificate for first-party cookies at no additional cost. If you currently have your own Customer Managed SSL certificate, speak with Adobe Customer Care about migrating to the Adobe Managed Certificate Program.
How to implement a new first-party SSL certificate for first-party cookies:
Fill out the request form and open a ticket with Customer Care requesting to set up first-party cookies on the Adobe Managed program.
Each field is described within the document with examples.
Create CNAME records.
Upon receiving the ticket, a FPSSL specialist should provide you with a pair of CNAME records. These records must be configured on your company's DNS server before Adobe can purchase the certificate on your behalf. The CNAMES will be similar to the following.
For example, the hostname: smetrics.example.com points to: example.com.ssl.d1.omtrdc.net.
For example, the hostname: metrics.example.com points to: example.com.d1.omtrdc.net.
See Create CNAME Records for more information.
When these CNAMES are in place, Adobe will work with DigiCert to purchase and install a certificate on Adobe's production servers.
If you have an existing implementation, you should consider Visitor Migration to maintain your existing visitors.
After the certificate has been pushed live to Adobe’s production environment, you will be able to update your tracking server variables to the new hostnames. Meaning, if the site is not secure (https), update the s.trackingServer. If the site is secure (https), update both s.trackingServer and s.trackingServerSecure variables.
SSL certificates expire each year, meaning Adobe must purchase a new certificate for each implementation on a yearly basis. All supported users within your organization will receive an email notification each time an implementation is close to expiration. For Adobe to renew your hostname, one supported user will must reply to the email from Adobe and indicate that you plan to continue using the expiring hostname for data collection. At that point, Adobe automatically purchases and installs a new certificate.
Is this process secure?
Yes, the Adobe Managed program is more secure than our legacy method as no certificate or private key changes hands outside of Adobe and the issuing certificate authority.
How can Adobe purchase a certificate for our domain?
The certificate can only be purchased when you have pointed the specified hostname (for example, smetrics.example.com) to an Adobe owned hostname. This is essentially delegating this hostname to Adobe and allows Adobe to purchase the certificate on your behalf.
Can I request the certificate be revoked?
Yes, as the owner of the domain, you are entitled to request we have the certificate revoked. You will only need to open a ticket with Customer Care to have this completed.
Will this certificate be using SHA-2 encryption?
Yes, Adobe will work with DigiCert to issue a SHA-2 certificate.
Does this have any additional cost?
No, Adobe is offering this service to all current Analytics customers at no additional cost.