SOLVED

Domain without SSL certificate

Go to solution
Highlighted

Domain without SSL certificate

Hi,

I am using Marketo REST APIs for updating leads. When I am testing API calls using Postman or my localhost, everything is working fine. When I deploy my microservice, all API calls fail with the following error:

The connection observed an error : io.netty.handler.ssl.SslHandler.channelInactive...

I believe this is happening because I deploy the microservice on http (without SSL certificate) and Marketo is blocking my calls. Calls to other web servers with the same configuration work fine.

Would it be possible to whitelist my IP address on Marketo?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Level 10 - Community Moderator

Re: Domain without SSL certificate

Marketo has no idea whether your service is being served over http or https.

If you're getting an error from the Marketo REST API endpoint that relates to SSL, that's because your SSL *client* configuration is incorrect, for example its cacerts are not up-to-date.

All connections to Marketo REST are over https, there's no whitelisting.

View solution in original post

3 REPLIES 3
Highlighted
Level 10 - Community Moderator

Re: Domain without SSL certificate

Marketo has no idea whether your service is being served over http or https.

If you're getting an error from the Marketo REST API endpoint that relates to SSL, that's because your SSL *client* configuration is incorrect, for example its cacerts are not up-to-date.

All connections to Marketo REST are over https, there's no whitelisting.

View solution in original post

Highlighted

Re: Domain without SSL certificate

So if my client does not have SSL certificate, it means I cannot call Marketo REST API endpoints?

Highlighted
Level 10 - Community Moderator

Re: Domain without SSL certificate

No, your client must have a *trusted CA bundle* that results in Marketo's cert being trusted.

This is the case with any HTTP(S) client, Java, PHP, .Net, etc. You may have a default cacert bundle that's old, or no cacert bundle at all.

Or you must set your SSL stack to ignore verifying server certs, which is always a bad idea (it makes your connection as insecure as a plain-text http connection).