Re: Adding SSL to our website - what to watch out for?

Anonymous
Not applicable

Adding SSL to our website - what to watch out for?

Hi there,

We have been using Marketo on our non-secured website.

We have Marketo forms embedded directly into our Wordpress pages and we also of course have the Munchkin tracking code implemented on our pages.

We want to install an SSL certificate on our server and start encrypting traffic between our website and others.

What do we need to consider, which settings would need to be modified, any caveats?

Thanks.

7 REPLIES 7
Josh_Hill13
Level 10 - Champion Alumni

Re: Adding SSL to our website - what to watch out for?

There is documentation on moving to HTTPS for your marketo linked cnames.

Simply do a search for SSL/HTTPS here.

Anonymous
Not applicable

Re: Adding SSL to our website - what to watch out for?

I found the following before posting my question: FAQ - SSL Landing Pages and Tracking Links

It is not helpful however as it refers to Marketo landing pages.

My question was about the impact and experiences on Forms 2.0 embedded landing pages and Munchkin tracking code implications.

Jim_Thao7
Level 9

Re: Adding SSL to our website - what to watch out for?

What is a Forms 2.0 embedded landing page? Do you mean a Forms 2.0 which is embedded onto a landing page? 

This is my thought.  You don't have to do anything as the embed code does not contain any reference to http nor https.  Similarly for Munchkin as well.

The easiest way to understand this is to view your embed code and munchkin script.  The forms 2.0 embed codes references //someserver.marketo.com/js/forms2/js/forms2.min.js which is already HTTP/HTTPS and it uses your munchkin ID to reference your specific instance thereafter.  Same with munchkin which references //munchkin.marketo.net/munchkin.js which is already also HTTP/HTTPS and uses your munchkin ID to reference your specific instance thereafter.  

If you have changed any of this default behavior, it becomes custom.  

Josh_Hill13
Level 10 - Champion Alumni

Re: Adding SSL to our website - what to watch out for?

Yes, you should be fine if just your main website is HTTPS. double check the js urls though.

Anonymous
Not applicable

Re: Adding SSL to our website - what to watch out for?

To answer your question yes I mean Forms 2.0 form, embedded into an external landing page (i.e. landing pages that are not hosted on Marketo but on our own website server).

The JS URLs appear to be protocol agnostic at the moment and relative. So I believe that should not be a problem but will test.

Thank you for the feedback so far.

SanfordWhiteman
Level 10 - Community Moderator

Re: Adding SSL to our website - what to watch out for?

There actually is one important detail here that may not apply to your current setup -- as Jim and Josh noted, as long as you are using the default protocol-relative URLs, you'll be fine -- but will create a problem in the most resilient embedded form configuration.

That most resilient config is when you load your forms from an LP domain to make sure they are not blocked by browser anti-tracking plugins/features.  If you search the Community, you'll see that from time to time tracking blacklists will block connections to *.marketo.com (even though forms are not trackers, they are collateral damage).  The recommended method to avoid this is to use a non-marketo.com domain, and typically the domain chosen is one of your LP domain aliases. But in an SSL context, that means the LP domain also needs to run SSL.

Neil_Robertson6
Level 5

Re: Adding SSL to our website - what to watch out for?

if you are going HTTPS on your side you need to ensure that your Marketo LP's are also HTTPS - It's a fairly straightforward process to get Marketo to setup SSL - just supply the cert and follow the instructions in the doc attached.

Once installed and ready to go you will need to:

  • Re-approve all landing pages, which you can do in bulk by going to Design Studio, then clicking on “Landing Pages”. You can now multi-select pages and unapproved and approve again via the “Landing Page Actions” menu.
  • It is also recommended to change all images, JavaScript files and other external links in landing pages to HTTPS, otherwise users may get an “Insecure Content on Secure Pages” error. Also update any images that are hard-coded into the template.
  • If you include a Marketo landing page on a secure website using an iframe, you will need to load the secure version of the landing page, otherwise the end user will get a security warning.
  • If you use a Marketo Form on a Non-Marketo Page, you will need to update the Post URL to HTTPS.
  • If you do a server-side post to a Marketo Form and you use your CNAME as the Post URL, you also need to change that to HTTPS