
CNAME and Adobe Target

This page explains how to work with Adobe Client Care to implement CNAME (Canonical Name) support in Adobe Target. To best handle ad-blocking issues or ITP-related cookie policies, a CNAME is used so that calls are made to a domain owned by the customer rather than a domain owned by Adobe.

Request CNAME support

Perform the following steps to request CNAME support in Target:
  1. Adobe's certificate authority (DigiCert) needs to verify Adobe is authorized to generate certificates under your domain.
    DigiCert calls this process Domain Control Validation (DCV), and Adobe will not be allowed to generate a certificate under your domain until this process is complete.
    DCV uses a few methods, and there are a few things you can do before opening an Adobe Client Care ticket (step 3) to help expedite the DCV process:
    • DigiCert will first try the email method, in which they send emails to addresses found in the domain's WHOIS information as well as pre-determined email addresses (admin, administrator, webmaster, hostmaster, and postmaster @[domain_name]). See the DCV methods documentation for more information.
      To expedite the DCV email process, DigiCert provides the following recommendation:
      "Please verify that your registrar/WHOIS provider has not masked or removed #. If they are, find out if they provide a way (e.g., anonymized email address, web form) for you to allow # to access your domain’s WHOIS data."
    • If the DCV email method is not an option for you, the next method is the DNS TXT method, in which you add a DNS TXT record to your domain with a hash value. This TXT record indicates to DigiCert that Adobe is authorized to generate the certificate. If you need to use this method, let Adobe Client Care know when you open a ticket (step 3). This will help expedite the DCV process.
  2. Create a CNAME record on your domain's DNS pointing to your regular hostname clientcode.tt.omtrdc.net. For example, if your client code is cnamecustomer and your proposed hostname is target.example.com, your DNS CNAME record should look something like this:
    target.example.com  IN  CNAME  cnamecustomer.tt.omtrdc.net.
    
    
  3. Adobe will work with DigiCert to purchase and deploy your certificate on Adobe's production servers. DigiCert will initiate the DCV process and Adobe Client Care will notify you when your implementation is ready.
  4. After you have completed the preceding tasks and Adobe Client Care has notified you that the implementation is ready, you must update the serverDomain to the new CNAME in at.js.

Frequently Asked Questions

The following information answers frequently asked questions about requesting and implementing CNAME support in Target:

Can I provide my own certificate? If so, what's the process?

Yes, you can provide your own certificate. To do so:
  1. Skip step 1 above, but complete steps 2 and 3. When you open an Adobe Client Care ticket (step 3), let them know you'll be providing your own certificate.
    Adobe will generate and send you a certificate signing request (CSR).
  2. Use the CSR to purchase the certificate through your chosen certificate authority (CA).
  3. Send the new public certificate to Adobe. Adobe representatives will deploy the public certificate on its production servers.
  4. Complete step 4 after Adobe Client Care has notified you that the implementation is ready.

I already have a CNAME implementation for Adobe Analytics, can we use the same certificate or hostname?

No, Target requires a separate hostname and certificate.

How can I validate my CNAME implementation is ready for traffic?

Use the following set of commands (in the macOS or Linux command-line terminal, using bash and curl 7.49+):
  1. First paste this bash function into your terminal:
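    function validateEdgeFpsslSni {
        # Hostname whose certificate each edge should present
        local domain=$1
        # Connect to each Target edge directly while still requesting https://$domain
        for edge in mboxedge{17,21,22,26,{28..33}}.tt.omtrdc.net; do
            echo "$edge: $(curl -sSv --connect-to "$domain:443:$edge:443" "https://$domain" 2>&1 | grep subject:)"
        done
    }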
    
    
  2. Next paste this command (replacing target.example.com with your hostname):
    validateEdgeFpsslSni target.example.com
    
    
    If the implementation is ready, you should see output like the following. The important part is that all lines show CN=target.example.com, which matches our desired hostname. If any of them show CN=*.tt.omtrdc.net, the implementation is not ready.
    $ validateEdgeFpsslSni target.example.com
    mboxedge17.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge21.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge22.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge26.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge28.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge29.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge30.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge31.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge32.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    mboxedge33.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
    
    
  3. Validate your new DNS CNAME with another curl request, which should also show CN=target.example.com:
    curl -sSv https://target.example.com 2>&1 | grep subject:
    
    
    If this command fails but the validateEdgeFpsslSni command above succeeds, you might need to wait for your DNS updates to fully propagate.
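
The readiness rule above (every edge must show the desired CN, and none may show CN=*.tt.omtrdc.net) can be checked mechanically instead of by eye. The following is an added example, not part of Adobe's documentation: the function names checkEdgeSubjects and sampleEdgeOutput are hypothetical, and the sample lines are constructed rather than captured from real servers.

```shell
# Added example: turn validateEdgeFpsslSni output into a per-edge verdict.
# Usage: validateEdgeFpsslSni target.example.com | checkEdgeSubjects target.example.com
# Exit status is 0 only when every edge presents the expected CN.
checkEdgeSubjects() {
    local expected="$1" line edge cn bad=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        edge=${line%%:*}                 # edge hostname before the first colon
        case $line in
            *CN=*) cn=${line##*CN=}      # text after the last "CN="
                   cn=${cn%%[;, ]*} ;;   # drop any fields that follow the CN
            *)     cn= ;;                # grep found no "subject:" line
        esac
        if [ -z "$cn" ]; then
            echo "NO-SUBJECT $edge (curl printed no certificate subject)"
            bad=$((bad + 1))
        elif [ "$cn" = "$expected" ]; then
            echo "READY      $edge"
        else
            echo "NOT-READY  $edge (serving CN=$cn)"
            bad=$((bad + 1))
        fi
    done
    echo "$bad edge(s) not ready for $expected"
    [ "$bad" -eq 0 ]
}

# Constructed sample output (not captured from real servers): one ready edge,
# one still on the shared wildcard certificate, one where curl failed.
sampleEdgeOutput() {
    cat <<'EOF'
mboxedge17.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=target.example.com
mboxedge21.tt.omtrdc.net: *  subject: C=US; ST=California; L=San Jose; O=Adobe Systems Incorporated; CN=*.tt.omtrdc.net
mboxedge22.tt.omtrdc.net: 
EOF
}
```

An edge that prints no subject at all is counted as not ready, because an empty line means curl never completed a TLS handshake with that edge.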