Link Shortening and Click Tracking SSL FAQ
Time to read: 3 minutes
SSL, CSR, RSA? FAQ!
This blog post aims to answer some frequently asked questions around domains, DNS records, certificates, keys, and syntax configurations for use with our Link Shortening and Click Tracking features.
There’s a lot of minutiae to encryption and that’s for good reason – you need to be sure that your information and data hasn’t been read or tampered with by unauthorized parties. As with any well thought out protocol, there are a lot of moving parts, all of which need to fit together and continue moving like a hot knife through butter. This post will attempt to explain some of those moving parts, and show you what you need to be aware with with Link Shortening and Click Tracking.
Table of Contents
- Private Key Errors
- Is my private key in the wrong format or syntax?
- Can I manually edit my private key to convert it?
- How do I convert a
PKCS #12
private key to aPKCS #8
private key?
- Certificate Errors
- Can I use a wildcard certificate like *.example.com?
- Are Subject Alternative Names on TLS Certificates supported?
- How can I determine what domain names are on my certificate?
- Does certificate syntax really matter?
- Other Common Errors
- Can I use AWS ACM?
Private Key Errors
Is my private key in the wrong format or syntax?
There are many private key formats available. However, the Link Shortening and Click Tracking features currently only support PKCS #8
formatted keys i.e., private keys that start with BEGIN PRIVATE KEY
. A common mistake is trying to upload a PKCS #12
formatted key which instead begins with BEGIN RSA PRIVATE KEY
.
Can I manually edit my private key to convert it?
Manually replacing BEGIN RSA PRIVATE KEY
with BEGIN PRIVATE KEY
in a text editor does not change the format of your private key and will continue to result in errors. See below to learn how to convert your private key.
How do I convert a PKCS #12 private key to a PKCS #8 private key?
If you’re starting with a PKCS #12 private key, you can follow this 2-step process to convert it to a useable PKCS #8 private key:
- Convert PKCS12 to PEM
openssl pkcs12 -in {input PKCS #12 file} -nocerts -nodes -out privkey.pem
- Convert PEM to PKCS8
openSSL pkcs8 -in privkey.pem -topk8 -nocrypt -out {output PKCS #8 file}
If that doesn’t work, you can instead try this approach:
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in {input PKCS #12 file} -out {output PKCS #8 file}
You can now use your output file, for example: certname.pk8
, in your private key upload.
Certificate Errors
Can I use a wildcard certificate like *.example.com?
Yes.
Are Subject Alternative Names on TLS Certificates supported?
Yes.
How can I determine what domain names are on my certificate?
If you need to check which domain names are listed on your certificate, you can run the following command:
sudo openssl x509 -in {path_to_cert.pem} -noout -text | grep "Subject: CN"
This should give you back something like this:
Subject: CN=ls.owlshoesinc.com
If you get an unable to load certificate
error, you may be trying to inspect the wrong file, a “certificate request” instead of the actual certificate.
Does certificate syntax or format really matter?
It does! The TLS certificate and private key must be generated in a PEM format to upload properly.
Other Common Errors
Can I use AWS ACM?
Unfortunately, since AWS ACM cannot export private keys, you won't be able to use them with Twilio’s Link Shortening and Click Tracking offerings.
Still have questions?
If you’ve reached another error not listed above, or you’d like some clarification before moving forward, please contact our support team.
Brian Mgrdichian is a Principal Solutions Engineer at Twilio. When he’s not helping clients unearth the most optimal integrations to fulfill their needs, he loves to tinker with 3D design and printing, work on electronics, and go for hikes in the mountains of Colorado. He can be reached at bmgrdichian[at]twilio.com.
Related Posts
Related Resources
Twilio Docs
From APIs to SDKs to sample apps
API reference documentation, SDKs, helper libraries, quickstarts, and tutorials for your language and platform.
Resource Center
The latest ebooks, industry reports, and webinars
Learn from customer engagement experts to improve your own communication.
Ahoy
Twilio's developer community hub
Best practices, code samples, and inspiration to build communications and digital engagement experiences.