We have been receiving an SSL Connect Error when using a webhook to POST to a third party database. We identified the problem as our domain not having an SSL certificate. This has now been purchased and our domain is now secure, but our POST is still receiving the SSL Connect error. When I look at our domain name in our Landin Page section, the domain still appears as http:// rather than https://
Is there something else we need to update/change within our Marketo instance for the system to recognize the secure domain, or do I just need to wait for it to automatically update? If the latter, do you know how long we need to wait?
The server hosting the Landing Page domain and the server hosting a webhook endpoint have no inherent relationship with each other.
That is, if you have uploaded your SSL cert to Marketo, that merely enables inbound secure connections to https://lp.example.com. It has nothing to do with outbound connections from your Marketo pod to https://webhook.example.com. That they both are subdomains of example.com is a distraction from your underlying problem.
Ok, great. Thank Sanford, that makes sense. So if the SSL certificate on my domain doesn't impact my ability to make a secure POST do you know what the issue would be? You're right, this isn't about collecting information is a secure fashion, my problem is posting data securely to another database.
For clarity, better to stop thinking in terms of "the SSL certificate on my domain" as this will become ambiguous. SSL certs do secure one or more domains, but they never go on a domain, they go on a server, one server at a time.
Anyway... we're clear that the cert installed on the Marketo server hosting your LP domain doesn't have anything to do with outbound https://.
What does have to do with outbound https: is whether the cert on your webhook endpoint is signed by a CA (certificate authority) that Marketo includes in its CA bundle. (To put this somewhat closer to English, it means that Marketo must recognize the endpoint's cert as coming from a trusted SSL provider.) Can you provide a sample endpoint URL?
Thanks Stanford, this is outside my skill set so I really appreciate your help. We are posting to this url: https://www.toyota.ca/toyota/secure/LeadSyncService/SOAP/consumerRequestService/v2
Please let me know if this is not what you were asking for
OK, don't think this is a CA bundle issue. Though one can't tell for sure without deeper investigation and cross-comparison, I think it's an SSL version support issue. Nearly a year ago I did some research and found similar issues.
In a nutshell, while Marketo does support TLS 1.0, 1.1, and 1.2 (that's the gamut of modern protocols, with 1.2 preferred when possible) and your endpoint in theory supports the same three, there's something in the way the server negotiates (handshakes) and advertises its support that makes the two sides unable to agree on a common protocol. I was able to get this to happen with webhooks and my test server back in the day, by trying a bunch of permutations.
This reminds me of a convo we had some time ago about TLS 1.2. I had an OpenSSL test server and was able to force webhooks to fail even though I was supporting all TLS 1.x protos.
Sanford is correct, we are receiving an SSL Connect Error. The curious thing is that we had it working a couple months ago. We recently noticed the connection was now erroring and believe it either has something to do with the security on our end, or the authentication setup on the receiving end (the setup of the webhook itself did not change). When we first launched, the site on our domain (toyotatalk.ca) was not live. We noticed the SSL Connect error after pushing the site to PROD and suspect that may have something to do with it. Our contact on the receiving end noted our certificate may be the problem, so we purchased an SSL certificate and installed it on the domain. After taking those steps, the error is continuing and we are not certain what the next steps should be. Any insights or ideas you may have are greatly appreciated.