Bronto Support’s Most Common Questions: SSL Certificates & Private Domains

Ashley Hennings, Support Engineer

Bronto Support receives many questions about SSL certificates, and there is a lot to consider when deciding whether to host one. Common questions we hear are: Should my account have one? What kind do I need? My vendor said they have their own CSR … by the way, what is a CSR? What will change in my account after this is installed? We want to share the answers to these questions in hopes of making this process as seamless as possible.

What’s the Difference Between a Private Domain and an SSL Certificate?

A private domain is a subdomain of the primary domain that your company uses. For instance, email.example.com and newsletter.example.com are subdomains of the example.com domain.

By default, your emails are sent from the bronto.com domain. Additionally, the From and Reply-To addresses (if Reply Tracking is enabled), URLs for click tracking, and all hosted webforms also use the bronto.com domain. This can confuse contacts if your emails appear to come from a domain other than one they would associate with your company.

Using a private domain allows you to customize who your emails appear to be from and the domain used in the links contained therein. It also gives you more control over your email sending reputation since your reputation isn’t dependent on the emailing practices of other businesses.

Once your private domain is set up, a Secure Sockets Layer (SSL) certificate can be hosted with Bronto for your private domain. The SSL certificate increases security by providing secure communications. Specifically, the SSL certificate will secure communications for the private domain that is set up with Bronto. Therefore, the private domain setup must be completed before the SSL certificate can be added. For more information on what an SSL certificate is, please visit this site.

What Will an SSL Certificate Do for Me?

It will make your secured webforms work correctly! If you use a private domain and want to embed a Bronto Add Contact webform on your site, we recommend you host an SSL certificate with Bronto in order for secured (HTTPS) subdomain traffic to work properly.

When you use a private domain, Bronto uses the HTTP protocol to route traffic to your subdomains. This can cause an issue when you want to use a secure HTTPS link to route traffic to a secured location. For example, when a contact clicks an “Add Contacts” webform that is embedded on your site, their browser will issue a security warning due to the browser accessing an HTTPS location using the HTTP protocol.

Note: SSL certificates will not affect tracking links within your messages. Tracking links currently route through the HTTP protocol regardless of SSL certificate hosting. Please keep this in mind when activating HSTS (HTTP Strict Transport Security), which instructs browsers to connect to a domain over HTTPS only.

What is the Process for Hosting an SSL Certificate with Bronto? How long does it take?

To begin the process, first verify that your account has an active private domain.  The SSL certificate will require the identification of the private domain your account uses with Bronto.

Step 1. Verify your Bronto account has an active private domain set up at Home > Settings > Branding.

Step 2. Submit a web ticket to Bronto Support requesting to start the SSL certificate process and include the following information that will be associated with the SSL certificate:

  • Private domains to be secured with SSL certificates
  • Organization
  • Organization unit
  • State/Province
  • City/Location
  • Country

Step 3. Bronto Support will generate a Certificate Signing Request (CSR) with the information listed in Step 2 and provide it to you via the web ticket.

Step 4. Use the CSR provided by Bronto to purchase a GeoTrust-issued SSL certificate. The certificate should match these specifications:

  • Key length: 2048 bits
  • Public key type: RSA
  • Signature algorithm: SHA256 + RSA
  • CN: Domain you’re trying to secure
  • Expiration: Set this to as long as possible.*

*You will need to acquire an updated certificate and provide the updated details to Bronto every time your certificate expires.

Bronto’s preferred GeoTrust subsidiary is RapidSSL, but you can use any of these to obtain your SSL certificate.

  • RapidSSL: https://www.rapidssl.com/
  • IdenTrust: http://www.identrust.com/index.html
  • Entrust: http://www.entrust.com/
  • GlobalSign: http://www.globalsign.com/
  • VeriSign (including Symantec): http://www.verisign.com/

If you are unsure which to use, or have questions on this step, please work with your developers.

Step 5. Attach the email from the certificate authority that contains both the certificate and a link to any needed intermediate certificates to the Bronto Support web ticket.

Step 6. Bronto Support will contact you via the web ticket to confirm that the SSL certificate has been added to your account.

Step 7. After support has confirmed that the SSL certificate has been added to your account, update the DNS A record for your private domain to point to 216.27.63.7.

Bronto wants to help you get your SSL certificate up and running as quickly as possible.  Much like requesting private domain setup with Bronto, each step relies upon the previous step. So, the SSL certificate process will move as quickly as your information is returned to Bronto.

Is there anything else I should know?

Bronto requires the SSL certificate to be for the specific subdomain referenced in the web ticket. This means that we do not support wildcard certificates. Also, the SSL certificate must be generated using the CSR provided by Bronto, so make sure that all of the information provided in your first Support case is accurate. If something changes, the CSR must be recreated and the process started over.
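Before attaching the certificate in Step 5, you can confirm with OpenSSL that it meets the Step 4 specifications, names the exact subdomain rather than a wildcard, and was issued from the CSR you were given. The script below is an added example, not Bronto tooling; the function names are hypothetical, and the key, CSR and self-signed certificate it checks are constructed stand-ins for the Bronto-generated CSR and the CA-issued certificate.

```sh
#!/bin/sh
# Added example (not Bronto's tooling): check an issued certificate against the
# Step 4 specifications and confirm it was issued from the expected CSR.

# check_cert CERT_PEM CSR_PEM DOMAIN -> returns 0 only if every check passes
check_cert() {
  cc_cert=$1; cc_csr=$2; cc_domain=$3; cc_rc=0
  cc_text=$(openssl x509 -in "$cc_cert" -noout -text) || return 2

  # Key length 2048 bits, public key type RSA, signature SHA256 + RSA
  printf '%s\n' "$cc_text" | grep -Eq 'Public[- ]Key: \(2048 bit\)' \
    || { echo "FAIL: key length is not 2048 bits"; cc_rc=1; }
  printf '%s\n' "$cc_text" | grep -q 'Public Key Algorithm: rsaEncryption' \
    || { echo "FAIL: public key type is not RSA"; cc_rc=1; }
  printf '%s\n' "$cc_text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' \
    || { echo "FAIL: signature algorithm is not SHA256 + RSA"; cc_rc=1; }

  # CN must be the exact subdomain; wildcard certificates are not supported
  cc_cn=$(openssl x509 -in "$cc_cert" -noout -subject -nameopt multiline \
            | sed -n 's/^ *commonName *= *//p')
  case $cc_cn in \**) echo "FAIL: wildcard CN '$cc_cn'"; cc_rc=1 ;; esac
  [ "$cc_cn" = "$cc_domain" ] \
    || { echo "FAIL: CN '$cc_cn' is not '$cc_domain'"; cc_rc=1; }

  # The certificate must carry the same public key as the CSR it came from
  [ "$(openssl x509 -in "$cc_cert" -noout -pubkey)" = \
    "$(openssl req -in "$cc_csr" -noout -pubkey)" ] \
    || { echo "FAIL: certificate was not issued from this CSR"; cc_rc=1; }

  [ "$cc_rc" -eq 0 ] && echo "OK: certificate matches the specifications for $cc_domain"
  return "$cc_rc"
}

# make_sample DIR CN: constructed throwaway key, CSR and self-signed certificate
# (stand-ins for the Bronto-generated CSR and the CA-issued certificate)
make_sample() {
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
    -keyout "$1/key.pem" -out "$1/csr.pem" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/csr.pem" -signkey "$1/key.pem" -sha256 -days 30 \
    -out "$1/cert.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_sample "$demo" email.example.com
check_cert "$demo/cert.pem" "$demo/csr.pem" email.example.com
rm -rf "$demo"
```

With real files, call check_cert with the certificate from the certificate authority, the CSR from the web ticket, and your private domain.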

Ready to get started?