SSL Click Tracking
Understand how SSL ensures secure and uninterrupted data tracking.
Overview
Secure Sockets Layer (SSL) for click tracking involves implementing Secure Sockets Layer (SSL) encryption protocols to ensure secure communication between user devices and the click tracking system. This encryption protects sensitive information, such as URLs or click data, transmitted between the user's browser and the tracking server, safeguarding it from potential interception or manipulation by malicious actors. Using SSL, click-tracking systems enhance data privacy and security, fostering user trust and ensuring compliance with privacy regulations.
If your links in CleverTap emails redirect users to the following warning page, it is likely because SSL click tracking has not been implemented:
This warning may appear differently across various browsers. The issue occurs because links generated by CleverTapβs email service provider (Sendgrid) are non-secure (HTTP) by default. While some users may not encounter issues with these links, others may see this error if their browser blocks mixed content.
Methods For Setting Up SSL
There are two methods to set up SSL click tracking for senders using Sendgrid with a custom domain, these are:
- Using CDN Service
You can manage SSL certificates and keys for your assigned link domain using a CDN service, such as Cloudflare, Fastly, or KeyCDN. The CDN also handles DNS CNAME records and SSL domain forwarding to sendgrid.net. - Creating a Custom SSL Configuration
You can create a custom SSL configuration. These CDN services then forward traffic to SendGrid for click tracking. Here are the prerequisites for setting up a custom SSL configuration:- Before proceeding with creating a custom SSL configuration, it is essential to know your link branding domain. To find out, send an email to the Email Success Team.
- Prepare a proxy (such as a web application, NGINX, or Amazon API Gateway) to redirect traffic for your click-tracking host link.yourdomain.com and forward it to http://sendgrid.net or https://sendgrid.net
- Set up the proxy to use HTTP or HTTPS. For HTTPS, provide a valid SSL certificate for the click-tracking host link.yourdomain.com.
- To forward traffic, set the Host HTTP header to link.yourdomain.com domain.
Point the CNAME record for link.yourdomain.com to your proxy. For example, the CNAME record should be link.yourdomain.com -> proxy.example.com.
For more information, refer to SendGrid's custom SSL setup steps.
SSL Setup
The SSL setup is done outside CleverTap in a third-party environment. For support related to SSL setup, contact the CDN/web host of your choice.
Collaborate with your development team to verify that your server is configured correctly.
Once the SSL setup is complete, write to CleverTap Email Support Team or update your existing Zendesk ticket. CleverTap then tests and enables SSL click and open tracking with our Email Service Provider (ESP).
Sample SSL Click Tracking Flow
SSL can be configured at your link domain through your Email Service Provider (ESP) to enable secure click and open tracking. However, setting up SSL may require additional configuration, such as managing SSL keys.
To ensure secure and seamless click tracking with a custom domain, the following flow must be implemented:
- Custom Tracking Domain: Email links use a custom tracking domain such as https://link.domain.com. This domain is set up to use HTTPS, ensuring the connection is encrypted and secure.
- DNS Security: A DNS CNAME (Canonical Name) record is configured to point your custom domain (For example, link.domain.com) to Sendgridβs domain. This CNAME record ensures that when users click on the link, it redirects to Sendgridβs servers while displaying your custom domain.
- Secure Web Server Connection: The connection between your custom domain and Sendgrid is secured using SSL encryption. Data transferred from your domain to Sendgridβs servers is encrypted, protecting it from potential interception or tampering.
- Forwarding Security: Once the secure connection is established, the request is forwarded from your custom domain to Sendgrid. This forwarding is done securely to maintain data protection.
- Sendgridβs Servers: The request reaches Sendgridβs servers (sendgrid.net), where click tracking and email processing are handled. Sendgrid processes the data and provides the necessary tracking functionalities.
This ensures that the entire process, from the user's click to the tracking server, is secure, maintaining the integrity and confidentiality of the data.
Overview
SSL for click tracking involves implementing Secure Sockets Layer (SSL) encryption protocols to ensure secure communication between users' devices and the click tracking system. This encryption protects sensitive information, such as URLs or click data, transmitted between the user's browser and the tracking server, safeguarding it from potential interception or manipulation by malicious actors. By using SSL, click-tracking systems enhance data privacy and security, fostering user trust and ensuring compliance with privacy regulations.
If your links in CleverTap emails redirect users to the following warning page, it is likely because SSL click tracking has not been implemented:
This warning may appear differently across various browsers. The issue arises because links generated by CleverTapβs email service provider (Sendgrid) are non-secure (HTTP) by default. While some users may not encounter issues with these links, others may see this error if their browser blocks mixed content.
Methods For Setting Up SSL
The following are the two options to set up SSL click tracking:
- Using CDN Service
You can manage SSL certificates and keys for your assigned link domain using a CDN service, such as Cloudflare, Fastly, or KeyCDN. The CDN also handles DNS CNAME records and SSL domain forwarding to sendgrid.net. - Creating a Custom SSL Configuration
You can create a custom SSL configuration. These services then forward traffic to SendGrid to perform click tracking. The following are the prerequisites for setting up a custom SSL configuration:- Before proceeding with creating a custom SSL configuration, it is essential to know your link branding domain. To know your branding domain, send an email to the Email Success Team.
- Prepare a proxy (like a web application, NGINX, or Amazon API Gateway) to take all traffic for your click-tracking host link.yourdomain.com and forward it to http://sendgrid.net or https://sendgrid.net
- Set up the proxy to use HTTP or HTTPS. For HTTPS, provide a valid SSL certificate for the click-tracking host link.yourdomain.com.
- To forward traffic, set the Host HTTP header to link.yourdomain.com domain.
Point the CNAME record for link.yourdomain.com to your proxy. For example, the CNAME record should be link.yourdomain.com -> proxy.example.com.
For more information, refer to SendGrid's custom SSL setup steps.
CDN Support
The SSL setup is done outside CleverTap in a third-party environment. For support related to SSL setup, contact the CDN/web host of your choice.
Sample SSL Click Tracking Flow
SSL can be configured at your link domain through your Email Service Provider (ESP) to enable secure click and open tracking. However, setting up SSL may require additional configuration, such as managing SSL keys.
To ensure secure and seamless click tracking with a custom domain, the following flow must be implemented:
- Custom Tracking Domain: Links in the emails use a custom tracking domain, such as https://link.domain.com. This domain is set up to use HTTPS, which ensures that the connection is encrypted and secure.
- DNS Security: A DNS CNAME (Canonical Name) record is configured to point your custom domain (e.g., link.domain.com) to Sendgridβs domain. This CNAME record ensures that when users click on the link, it redirects to Sendgridβs servers while displaying your custom domain.
- Secure Web Server Connection: The connection between your custom domain and Sendgrid is secured using SSL encryption. This means that data transferred from your domain to Sendgridβs servers is encrypted, protecting it from potential interception or tampering.
- Forwarding Security: Once the secure connection is established, the request is forwarded from your custom domain to Sendgrid. This forwarding is done securely to maintain data protection.
- Sendgridβs Servers: Lastly, the request reaches Sendgridβs servers (sendgrid.net), where the click tracking and email processing are handled. Sendgrid processes the data and provides the necessary tracking functionalities.
This ensures that the entire process, from the user's click to the tracking server, is secure, maintaining the integrity and confidentiality of the data.
Important
- Work with your development team to ensure your server is configured correctly
- Once the SSL setup is complete, write to CleverTap Email Support Team or update your existing Zendesk ticket so that CleverTap can test and enable SSL click and open tracking with our Email Service Provider (ESP).
Updated about 2 months ago