Loading
Upcoming Mandatory Changes to Public Key Infrastructure (PKI)Read More
Salesforce Enforces New Security Requirements in Summer 2026Read More
Marketing Cloud Engagement
Table of Contents
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

          Search all of Salesforce Help
          SSL Certificates for Custom Domain Security

          SSL Certificates for Custom Domain Security

          Use a Secure Socket Layer (SSL) certificate to improve the security of your page-based interactions. Give your subscribers and contacts more confidence when they visit pages that you host with Marketing Cloud Engagement. A certificate adds a layer of encryption to the transfer of sensitive or personal information. This encryption helps prevent external parties from accessing information sent to or from your contacts.

          Marketing admins can secure custom domains that have a DNS Status of Delegated or Self-Hosted.

          Prerequisites

          Configure the Sender Authentication Package (SAP) or Private Domain feature in your account. For more information, contact your account executive.

          Each subdomain requires one SSL certificate license.

          SSL Certificate Functionality

          Each subdomain requires a unique SSL certificate. Use SSL certificates to secure these content types:

          • CloudPages
          • Legacy landing pages
          • Email tracking links
          • View email as a web page links
          • Portfolio and Content Builder content

          You can configure a domain for a single business unit, or share a domain across many business units. The number of business units that you have doesn’t influence how many certificates you require.

          Certificates Acquired by Salesforce

          You can use Salesforce-provided SSL certificates to secure your domains. You acquire these certificates from Salesforce’s certificate authority, and Salesforce manages the renewal of each certificate. Salesforce uses DigiCert as the certificate authority.

          When you use a Salesforce-supplied certificate, the custom domain is secured in less than 10 days after you secure the domain with an SSL certificate supplied by Salesforce. When you select this option, you don’t have to take any additional steps to install or renew the certificate.

          Certificates Acquired from a Different Certificate Authority

          If you prefer to use your own SSL certificate, you can upload it to Marketing Cloud Engagement. When you bring your own SSL certificate, you’re responsible for renewing and updating it before it expires.

          • Secure a Domain with an SSL Certificate Supplied by Salesforce
            Secure a Sender Authentication Package (SAP) or CloudPages custom domain in Marketing Cloud Engagement using an SSL certificate provided by Salesforce.
          • Secure a Domain Using a Custom SSL Certificate
            You can obtain an SSL certificate for Marketing Cloud Engagement from a certificate authority (CA). The CA that you use must let you use your own certificate signing request (CSR) rather than generate one for you. Image domains don’t support customer-supplied certificates, because the service is delivered from a shared infrastructure that uses common certificates. Salesforce uses DigiCert and Amazon as the certificate authorities.
           
          Loading
          Salesforce Help | Article