SSL Certificates: What They Are and How to Obtain Them. Can MDirector Do It for You?

What SSL Certificates are used for?

SSL certificates (Secure Sockets Layer) are digital certificates that authenticate a website's identity and enable a secure, encrypted connection between the web server and the user’s browser. This encryption ensures that data transmitted between the user and the server, such as passwords, credit card information, and personal details, is protected from unauthorized access or theft.

In the context of Email Marketing, SSL certificates play a crucial role in authenticating a custom domain used for sending emails. This assures recipients that the email comes from a legitimate source, which is critical to prevent phishing attacks.

SSL is also essential for supporting secure protocols like SMTPS (SMTP over SSL) and HTTPS on web pages linked in your emails. These protocols ensure that any user interaction with your email marketing campaign, such as clicking a link, is secure.

How to Obtain SSL Certificates to Validate Your Domain or Subdomain

For hosting landing pages and tracking emails, clients must use secure domains or subdomains (https). To configure this, follow these steps:

• Set up landing page hosting: Refer to this article: https://mdtr.io/l6iGi 
• Set up email tracking: Refer to this article: https://mdtr.io/vRGTg 

Then, send the SSL certificates for the subdomain to soporte@mdirector.com, so we can configure them on our end. Note that for the certificate to be valid for MDirector, it must have a minimum duration of one year.

Components of SSL Certificates

SSL certificates include the following components:

• CRT (Certificate): The main certificate that contains the domain name, the server’s public key, and the digital signature of the issuing certificate authority.
• CA (Certificate Authority): Also known as the intermediate certificate. While not strictly part of the SSL certificate, it is vital for its functionality. This file contains the public key of the certificate authority that issued the certificate. Web browsers trust certain CAs to validate SSL certificates. Including the CA file in the verification process is essential for ensuring the certificate’s reliability.
• KEY: The private key generated on the server where the certificate was issued. This key is secret and must be kept secure, as it is used to decrypt information encrypted by the certificate. It should never be shared publicly or stored in an open repository.
• CSR (Certificate Signing Request): A file generated on the web server where the SSL certificate will be installed. It contains the public key and domain information. The CSR is sent to a certificate authority for signing, and once the CRT is issued, the CSR is no longer needed for installation.

You must obtain these components and send the first three files to soporte@mdirector.com.

Steps to Obtain SSL Certificates

1. Choose a Certificate Authority (CA)
   Several recognized CAs include Let’s Encrypt, DigiCert, GlobalSign, Sectigo, and GoDaddy, among others. Research and select the one that best meets your needs in terms of cost, support, and features. You can also check if your hosting provider offers SSL certificates.
2. Generate a CSR
   Use the server hosting your email or website to generate a CSR, usually via command line or tools like OpenSSL. The CSR includes basic information about the domain and organization being validated.
   A typical command to generate a CSR using OpenSSL is:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Complete the required fields (country, state, city, organization name, domain name, etc.).

1. Send the CSR to the CA
   On the CA’s website, begin the process of requesting an SSL certificate. Upload the generated CSR during this process.
2. Domain Validation
   The CA will verify domain ownership through methods such as:
   • Validation Email: The CA sends an email to a registered address like admin@yourdomain.com. Click the link to confirm ownership.
   • DNS Validation: Add a specific TXT record to your DNS configuration.
   • HTTP/HTTPS Validation: Upload a file provided by the CA to a specific location on your web server.
3. Receive and Download the SSL Certificate
   After completing the validation, the CA will issue your SSL certificate, typically valid for one year, which must be renewed annually.

Delivering SSL Certificates to MDirector

As explained, MDirector requires three files: the CRT, the CA, and the KEY. These must be delivered in a single PEM-formatted file that concatenates all three. If your SSL certificate is in another format (e.g., .crt or .der), you’ll need to convert it to .pem using tools like OpenSSL.

• Convert a .crt to .pem:

openssl x509 -in certificate.crt -out certificate.pem -outform PEM

• Convert a private key to .pem:

openssl rsa -in private.key -out private.pem

• Concatenate the files into one .pem file:

cat certificate.pem private.pem > fullchain.pem

Important: Certificates submitted to MDirector must have at least one year of validity.

Can MDirector Manage SSL Certificate Procurement?

If you’d like MDirector to handle the procurement and renewal of your SSL certificates, we can do so. Contact soporte@mdirector.com to discuss your requirements. Please specify the domains or subdomains and the services where you intend to use the certificates.