Configure domains and certificates

This article explains how to configure domains and certificates for first-party domains.

To configure first-party domains for your account, you must have the Manage Account permission.

To get started, navigate to iQ Tag Management > User Menu > First-Party Domains.

Selecting a service to configure

Determine which of the following services to configure:

  • Server-Side Data Collection/DLE
    Map one or more of your domains to Tealium to allow first-party data collection for EventStream and AudienceStream.
  • Client-Side Delivery
    Map one or more of your domains to Tealium to allow first-party file delivery.

Domains and certificates for Collection and Delivery are managed separately.

Next, click Configure Certificate and select one of the following:

  • Generate Certificate
    Tealium generates and manages the SSL/TLS certificate.
  • Provide Certificate
    Upload your own certificate files. If you use your own certificate, Tealium cannot automatically renew it.

Select a region

To configure a domain and certificate for data collection, select the region in which your primary account operates:

  • Germany
  • Hong Kong
  • Ireland
  • Sydney
  • Tokyo
  • US East

The certificates are stored and configured on the Tealium endpoint in the region selected for the first-party domain. If the region for the first-party domain is set to a different region than the region for the profile, the event and visitor data is collected in the first-party domain region and forwarded to the region configured for the profile.

Select the type of validation

  • DNS Validation
    To validate using DNS, you will be provided validation DNS records to add to your DNS database. After these records are propagated and validated, you will be provided permanent records that you must add to your DNS database. You must have access to edit your DNS configuration and add the permanent records to your DNS configuration.

Your DNS configuration must include the validation records and the permanent records. The validation records are used when you add domains to a certificate and for auto-renewal of the certificate.

  • Email Validation
    To validate using email, an email message will be sent to the administrator email address associated with the requested domains. You must be able to receive these email messages to validate your ownership of the domains. You will receive one email message for each domain containing a validation token that expires in 72 hours. If you do not receive the email or the token has expired, return to the main screen and click Resend Email.

Add domains

The first-party domains you specify are typically subdomains of your customer-facing website. For example, the website located at www.example.com would use a subdomain named tags.example.com as a first-party domain for tag management services.

Enter the first-party domain you want to use, omitting https:// and the ending slash.

First-party domains apply to all profiles in your account. Enter a subdomain for each site managed by this account.

View domain contact info

After you enter a domain, click View Contact Info to view the WHOIS database information for that domain. If the WHOIS database contains contact information for the domain, such as a name, mailing address, email address, or phone number, the contact information is displayed. Verify that the information is correct.

Click + Add Another Domain to add additional domains. When the maximum number of domains for the account is reached, + Add Domain is grayed out. Click Next when you have finished entering domains.

Accept the agreement

To continue, accept the agreement to allow Tealium to manage certificates for the provided domains.

DNS validation

If you chose DNS validation, the following messages are displayed:

[Image: plat-perms-cert-generated]

When you first request the certificate, validation DNS records (CNAME records or A records) are displayed. After the validation process is completed, the permanent records are displayed. The validation DNS records are used when you add a domain to a certificate and for auto-renewal of the certificate. Do not delete the validation DNS records.

When the validation process is completed, one or more permanent DNS records are displayed. Each record contains a Name and Value that you must enter into your DNS provider’s web interface to update the records.

The record name appears in the format _X.sub.example.com. where X is a generated alpha-numeric string and sub.example.com is the first-party domain you entered.

Example record name:

_4c71ce829d13dacf824b18af1067d273.tags.example.com.

DNS providers are inconsistent in their handling of the record name (or name) field. In some cases, you are expected to provide the entire value as shown above, while other providers automatically append the domain name to the value you enter.

The record value is similar and appears in the format _X.Y.acm-validations.aws. where X.Y is a generated alpha-numeric string.

Example record value:

_6e23f25da49d05e43a419ea7c5f4162d.zzxlnyslwt.acm-validations.aws.
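The provider inconsistency described above usually shows up as a record published under the zone name twice. The following script is an added example, not Tealium's code: it derives the relative name to enter when the provider appends the zone itself, and classifies what is actually published. It assumes the record is a CNAME; the function names and the sample answers are constructed for illustration, using the example record from this page.

```shell
#!/bin/sh
# Constructed sample answers ("name target" per line), using the page's example
# record. It models the full name pasted into a provider that appends the zone.
NAME=_4c71ce829d13dacf824b18af1067d273.tags.example.com.
VALUE=_6e23f25da49d05e43a419ea7c5f4162d.zzxlnyslwt.acm-validations.aws.
SAMPLE_ANSWERS="_4c71ce829d13dacf824b18af1067d273.tags.example.com.example.com. $VALUE"

# Resolver hook (hypothetical name). Reads SAMPLE_ANSWERS so the script runs
# offline; for live DNS replace the body with: dig +short CNAME "$1"
lookup_cname() {
    printf '%s\n' "$SAMPLE_ANSWERS" | awk -v q="$1" '$1 == q { print $2 }'
}

# Lower-case and drop the trailing dot so names compare reliably.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# relative_name FQDN ZONE: what to type when the provider appends the zone.
relative_name() {
    n=$(norm "$1"); z=$(norm "$2")
    case "$n" in
        *".$z") printf '%s\n' "${n%.$z}" ;;
        *) echo "error: $1 is not inside zone $2" >&2; return 1 ;;
    esac
}

# check_record FQDN ZONE VALUE: prints ok, wrong-target, doubled or missing.
check_record() {
    n=$(norm "$1"); z=$(norm "$2"); want=$(norm "$3")
    got=$(norm "$(lookup_cname "$n.")")
    if [ "$got" = "$want" ]; then echo ok; return 0; fi
    if [ -n "$got" ]; then echo wrong-target; return 1; fi
    # Record exists only under NAME.ZONE: the zone was appended twice.
    got=$(norm "$(lookup_cname "$n.$z.")")
    if [ "$got" = "$want" ]; then echo doubled; return 1; fi
    echo missing; return 1
}

echo "provider appends zone, enter: $(relative_name "$NAME" example.com)"
echo "published record status:      $(check_record "$NAME" example.com "$VALUE")"
```

A result of `doubled` means the record should be re-entered using the relative name.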

Email validation

If you chose email validation, the following message is displayed:

[Image: generated-email-confirm]

When the validation process is completed, your permanent DNS records are displayed, as follows:

[Image: plat-perms-perm-dns]

Configuring your own certificate

If you provide your own certificate, you are responsible for renewing the certificate before it expires. Your certificates must meet the AWS requirements for importing certificates. For more information, see AWS Prerequisites for importing certificates.

To configure your own certificate, select a region. The certificates are stored and configured on the Tealium endpoint in the region selected for the first-party domain. If the region for the first-party domain is set to a different region than the region for the profile, the event and visitor data is collected in the first-party domain region and forwarded to the region configured for the profile.

Upload the following PEM-encoded files:

  • Certificate
  • Certificate Chain
  • Private Key

The Private Key must match the Public Key in the certificate and must not be encrypted with a password.
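Both private key requirements can be checked locally before uploading. The following script is an added example, not Tealium's or AWS's tooling: it rejects a password-protected key and compares the public key in the certificate with the one derived from the private key. It assumes the `openssl` CLI is installed; the function names are illustrative, and the demo pair is a throwaway self-signed certificate generated at run time.

```shell
#!/bin/sh
# Requires the openssl CLI. Function names are illustrative.

# True if the PEM private key is password-protected (PKCS#8 or legacy header).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# SHA-256 over the DER public key, taken from the certificate and from the key.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}
key_pubkey_hash() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# preflight CERT KEY: returns 0 only if the pair passes every check.
preflight() {
    if ! openssl x509 -in "$1" -noout 2>/dev/null; then
        echo "FAIL: not a PEM-encoded certificate"; return 1
    fi
    if key_is_encrypted "$2"; then
        echo "FAIL: private key is password-protected"; return 1
    fi
    if [ "$(cert_pubkey_hash "$1")" != "$(key_pubkey_hash "$2")" ]; then
        echo "FAIL: private key does not match the certificate"; return 1
    fi
    echo "OK: key matches certificate"
    # Subject and expiry date to review before clicking Save.
    openssl x509 -in "$1" -noout -subject -enddate
}

# Throwaway self-signed pair (constructed sample) plus an encrypted copy of the key.
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=tags.example.com" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    openssl pkey -in "$d/key.pem" -aes256 -passout pass:demo -out "$d/enc.pem"
    preflight "$d/cert.pem" "$d/key.pem" || true
    preflight "$d/cert.pem" "$d/enc.pem" || true
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2"; else demo; fi
```

Run it with the certificate and key paths as arguments to check real files; with no arguments it runs the demo.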

The domains for the certificate are displayed. Verify that the list of domains is correct and click Save.

[Image: fpd cert domains]

The following message is displayed when your certificate files have been uploaded:

[Image: fpd own cert uploaded]

When the domain status is changed to Issued, your domains are ready to use.

Confirmation

The following message is displayed while your domain information is being validated:

Please wait while domain information is validated. This won't take long.

Domain statuses

During the setup and validation process, the domain certificate could appear with one of the following statuses:

  • Issued: All domains are validated and the certificate is neither expired nor about to expire.
  • Expired: The certificate is expired.
  • Pending Validation: One or more domains attached to the certificate are not validated.

The domain validation must occur within 72 hours.

If the validation period expires, request a new certificate for the same domain. The DNS validation records are the same for subsequent requests of the same domain.


 


This page was last updated: January 7, 2023