Loading

Install a SSL Certificate on B2C Commerce

Publish Date: Apr 16, 2026
Description

This article describes how to install a storefront SSL certificate on the Salesforce Commerce B2C platform for storefront sites.

 

Environment: All PIG instances (Production, Development & Staging)

 

NOTE: This article does NOT apply to sandboxes because they do NOT currently support custom SSL certificates and only serve the default demandware.net certificate.

Resolution

Overview 

Before proceeding, you need to do the following:

  1. Determine whether you have a legacy zone or proxy zone by logging into Business Manager, going to AdministrationEmbedded CDN Settings, and finding the hostname. If the DNS CNAME for the hostname in question starts with commcloud and ends with cc-ecdn.net, it is a proxy zone.  

  2. Determine whether you will utilize your own SSL certificate i.e. a self-managed certificate OR use the eCDN managed certificate option (only available for proxy zones).

    • If using a self-managed certificate, please do the following before moving forward:

      • Create a CSR from a CSR generator of your choice.

      • Use the generated CSR to generate an SSL certificate with the Certificate Authority (CA) of your choice.

      • Ensure that the generated certificate and private key are in PEM format and not encrypted when uploading via Business Manager. Your private key must also be decrypted in the old RSA format via the command openssl pkcs8 -in key.pem -out rsakey.pem

      • Note: If you are using a legacy zone and would like to leverage eCDN managed certificates, you can migrate to a proxy zone as outlined here.
    • If using an eCDN managed certificate, you can view more information here.
  3. Determine which process for installing storefront SSL certificates you want to use: 
  4. Do we need to install an intermediate certificate in Business Manager?

    Installing SSL Certificates using Business Manager

    Installing a new storefront SSL certificate

    1. Review the Configure the Embedded CDN topic.

    2. Complete the Configure the eCDN Hostname Alias and Create a Zone in B2C Commerce steps.

    3. After you receive the SSL certificate from the CA as mentioned above, make sure the certificate and private key are in PEM format and not encrypted when uploading and then install the certificate and private key in Business Manager via Administration > Sites > Embedded CDN Settings as outlined in the Add a SSL Certificate to an eCDN Zone and Configure DNS Mapping section.

    4. Complete the remaining applicable steps: Configure a Zone for B2C Commerce and Add Hostnames (Subdomains).

    Renewing expiring SSL certificates

    1. To renew an expiring certificate, follow the instructions in Update an eCDN Zone's Certificate.

    2. After successfully installing the new certificate, delete any old and/or replaced certificates.

     


    Here's a quick video tutorial on how to install an SSL certificate for your storefront.




     

    Installing SSL Certificates using the CDN API

    Installing a new storefront SSL certificate

    If you do not have an existing storefront SSL certificate for the sites or if your existing SSL certificate has expired, follow the steps in Use the CDN Zones API to Configure eCDN.


    Renewing expiring SSL certificates 

    1. Use the getCertificates command to get the ID of the certificate that needs to be replaced.

    2. Use the updateCertificate command to update the certificate.

    3. (Only necessary if your realm was created prior to June 2023) Please complete the post migration steps to validate your eCDN traffic flow and setup.

    Knowledge Article Number

    000391588

     
    Loading
    Salesforce Help | Article