Overview

SSL for click tracking involves implementing Secure Sockets Layer (SSL) encryption protocols to ensure secure communication between users' devices and the click tracking system. This encryption protects sensitive information, such as URLs or click data, transmitted between the user's browser and the tracking server, safeguarding it from potential interception or manipulation by malicious actors. By using SSL, click-tracking systems enhance data privacy and security, fostering user trust and ensuring compliance with privacy regulations.

If your links in CleverTap emails redirect users to the following warning page, it is likely because SSL click tracking has not been implemented:

This warning may appear differently across various browsers. The issue arises because links generated by CleverTap’s email service provider (Sendgrid) are non-secure (HTTP) by default. While some users may not encounter issues with these links, others may see this error if their browser blocks mixed content.

Methods For Setting Up SSL

The following are the two options to set up SSL click tracking:

• Using CDN Service
  You can manage SSL certificates and keys for your assigned link domain using a CDN service, such as Cloudflare, Fastly, or KeyCDN. The CDN also handles DNS CNAME records and SSL domain forwarding to sendgrid.net.
• Creating a Custom SSL Configuration
  You can create a custom SSL configuration. These services then forward traffic to SendGrid to perform click tracking. The following are the prerequisites for setting up a custom SSL configuration:
  • Before proceeding with creating a custom SSL configuration, it is essential to know your link branding domain. To know your branding domain, send an email to the Email Success Team.
  • Prepare a proxy (like a web application, NGINX, or Amazon API Gateway) to take all traffic for your click-tracking host link.yourdomain.com and forward it to http://sendgrid.net or https://sendgrid.net
  • Set up the proxy to use HTTP or HTTPS. For HTTPS, provide a valid SSL certificate for the click-tracking host link.yourdomain.com.
  • To forward traffic, set the Host HTTP header to link.yourdomain.com domain.
    Point the CNAME record for link.yourdomain.com to your proxy. For example, the CNAME record should be link.yourdomain.com -> proxy.example.com.

For more information, refer to SendGrid's custom SSL setup steps.

📘

CDN Support

The SSL setup is done outside CleverTap in a third-party environment. For support related to SSL setup, contact the CDN/web host of your choice.

Sample SSL Click Tracking Flow

SSL can be configured at your link domain through your Email Service Provider (ESP) to enable secure click and open tracking. However, setting up SSL may require additional configuration, such as managing SSL keys.

To ensure secure and seamless click tracking with a custom domain, the following flow must be implemented:

• Custom Tracking Domain: Links in the emails use a custom tracking domain, such as https://link.domain.com. This domain is set up to use HTTPS, which ensures that the connection is encrypted and secure.
• DNS Security: A DNS CNAME (Canonical Name) record is configured to point your custom domain (e.g., link.domain.com) to Sendgrid’s domain. This CNAME record ensures that when users click on the link, it redirects to Sendgrid’s servers while displaying your custom domain.
• Secure Web Server Connection: The connection between your custom domain and Sendgrid is secured using SSL encryption. This means that data transferred from your domain to Sendgrid’s servers is encrypted, protecting it from potential interception or tampering.
• Forwarding Security: Once the secure connection is established, the request is forwarded from your custom domain to Sendgrid. This forwarding is done securely to maintain data protection.
• Sendgrid’s Servers: Lastly, the request reaches Sendgrid’s servers (sendgrid.net), where the click tracking and email processing are handled. Sendgrid processes the data and provides the necessary tracking functionalities.

This ensures that the entire process, from the user's click to the tracking server, is secure, maintaining the integrity and confidentiality of the data.

📘

Important

• Work with your development team to ensure your server is configured correctly
• Once the SSL setup is complete, write to CleverTap Email Support Team or update your existing Zendesk ticket so that CleverTap can test and enable SSL click and open tracking with our Email Service Provider (ESP).