SSL Certificates in Marketing Cloud

With Google making secure sites using SSL a standard and punishing insecure sites with their Chrome browser, it is ever increasingly more important to make sure that you install an SSL certificate to your CloudPage URLs/landing pages/microsites and images hosted in Marketing Cloud.

You can either purchase the SSL certificate yourself or purchase it through Marketing Cloud as part of the Sender Authentication Package. You will need two (2) SSL certificates, (1) for the sender authentication domain and, (2) for portfolio content (must be purchased through Marketing Cloud — see below):

There are two configuration options for the SSL certificate:

  1. Securing microsite, landing page, or CloudPage URLs which would typically use your existing Sender Authenticated domain (e.g.,, or With this option we can also secure view. and click. URLs for links within your SFMC content (e.g. and
  2. Securing portfolio content URLs, which use your existing Sender Authenticated domain (e.g.

As mentioned by Marketing Cloud, SSL is technically not part of the Sender Authentication Package (SAP) and can be purchased as an add-on:

SSL is not included in our Sender Authentication Package, but can be purchased as an add-on to secure microsite, landing page, or CloudPages URLs or image URLs in an account.

If purchased through Marketing Cloud, they procure the certificates through the certificate authority of DigiCert. If purchased yourself, you’ll need to provide the Certificate Signing Request (CSR) to support and a copy of the certificate as well as the intermediate/chain link certificate.

Certificates for portfolio/image content will need to be purchased through Marketing Cloud as they use the image host Akamai for the certificate.

The SSL certificate for links (beginning with click. and view.), you will need to decide if you would like references made directly to HTTP to work as-is or to be forced to be redirected to HTTPS. General link pathways will default to the HTTPS regardless of the redirect.

If the force redirect feature is used, take into account current pages that are coded in just HTTP as there can be mixed content errors or hard coded HTTP, etc.)

You will need to reach out to your Account Executive or Marketing Cloud support to begin the process of installing an SSL certificate to your Marketing Cloud domains.

More about SSL Certificate for and using HTTPS in Content Builder in this Salesforce StackExchange question/answer.


  1. Hi,

    once the SSL is ordered. How do i configure it in marketing cloud as SFMC mentions that SUPPORT IS NOT INVILVED IN INSTALLATION ON SSL?

    Do you have any links where i can check that out?

    Thank you.

  2. If the forced redirect to https is implemented, does that mean we have to rebuild our cloud pages? Our preference center is currently hosted on a cloud page (http) so wondering if that will break once they implement the ssl

    1. You will have to rebuild those Cloud Pages. Cloud Pages that were created before SSL implementation will need to be recreated in order to reflect the HTTPS URL.

Leave a Reply

Your email address will not be published. Required fields are marked *