Marketo Secured Landing Page using domain aliases give an invalid SSL certificate error on load.
Confirm that the domain alias is a CNAME and not another type of record such as an A RECORD.
Within Marketo's Documentation for setting up landing pages and tracking links, it only specifies a CNAME configuration. This is the only configuration that is supported. If another configuration happens to work, it does not mean it will continue to do so and will throw an error once SSL is enabled.
Below is a diagram showing the configuration that is supported by Marketo. The Top Level Domain is owned and hosted by the Customer. Separate sub-domains, or CNAMEs, are created, one for each Landing Pages and Tracking Links. These CNAMEs then reference Marketo.
Other ways of configuring this are not supported due to not being reliable. An A RECORD for example, can point a Domain directly to an IP Address. This can be unreliable because an IP Address can easily and frequently change. As a Domain name is usually synonymous with a Company name, any change is infrequent and usually manual.
*Tracking Links only require a sub-domain and SSL if you wish to have them branded. If instance reflects the 'mkto.aa######.com' for tracking links, they are covered under Marketos SSL certificate.
Who This Solution Applies To
Customers with Secured Landing Pages who also use domain aliases