SOLVED

Best Practices Preparing Our Instance to Change from "HTTP" to "HTTPS"

Go to solution
Jason_Cabrera
Level 2

Best Practices Preparing Our Instance to Change from "HTTP" to "HTTPS"

Our Marketo Instance is over two years old, and we are preparing to change our landing pages and stored files from HTTP to HTTPS.

We have over 100+ landing pages and 1000+ files. The records are either a document or an image. 

Are there any best practice tips and tricks when preparing our instance for this change? 

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Best Practices Preparing Our Instance to Change from "HTTP" to "HTTPS"

Jason, this would be better served in the general peer-to-peer area (Products‌). If you move the thread there, we can continue with a wider audience.

For now I'll say the most important consideration, bar none, is that you must begin using protocol-relative URLs (URLs that begin with the string "//") anywhere that you're currently using the full protocol "http://" to load so-called "active content" (JS and CSS files, as well as IFRAMEs) on your LPs. Remember that assets may be loaded from {{my.tokens}} or mktoVariables.

Insecure images are, as of now, still considered "passive content" and won't be blocked outright (though that's coming eventually). Preparing both active and passive content for the SSL migration is advisable, but if covering only active is possible for some reason, you can concentrate on that.

You have 100+ LPs, but really that's not so many relative to many instances I've seen. I think you can handle that manually, assigning a trusted person (read: not an intern!).   Otherwise you'd need to use the API and get a developer up to speed, likely not worth it for 100 LPs IMO. 1000 LPs, yes.

View solution in original post

1 REPLY 1
SanfordWhiteman
Level 10 - Community Moderator

Re: Best Practices Preparing Our Instance to Change from "HTTP" to "HTTPS"

Jason, this would be better served in the general peer-to-peer area (Products‌). If you move the thread there, we can continue with a wider audience.

For now I'll say the most important consideration, bar none, is that you must begin using protocol-relative URLs (URLs that begin with the string "//") anywhere that you're currently using the full protocol "http://" to load so-called "active content" (JS and CSS files, as well as IFRAMEs) on your LPs. Remember that assets may be loaded from {{my.tokens}} or mktoVariables.

Insecure images are, as of now, still considered "passive content" and won't be blocked outright (though that's coming eventually). Preparing both active and passive content for the SSL migration is advisable, but if covering only active is possible for some reason, you can concentrate on that.

You have 100+ LPs, but really that's not so many relative to many instances I've seen. I think you can handle that manually, assigning a trusted person (read: not an intern!).   Otherwise you'd need to use the API and get a developer up to speed, likely not worth it for 100 LPs IMO. 1000 LPs, yes.