We're switching our site to an SSL certificate. We've done a switch this morning, and began testing. Nothing seems out of the ordinary so far. I've tested the three or four forms we've embedded in the site. We don't have anything more advanced set up with Marketo just yet. Marketo seems to be logging form posts... Munchkin even seemed to remember me.
But, of course, I can't believe it would've gone that smoothly! Such a paranoid pessimist. I swear I'd read somewhere there can be issues with forms or tracking, when switching to a security certificate. Unless, maybe we were lucky and had Marketo already set up to avoid problems.
So, my question is: When setting up SSL on a website with Marketo components embedded, What are the things I should be checking for. Settings to set, switches to flip, i's to dot, t's to cross?
HI Charles,
The more annoying point comes from the images in landing pages. Marketo does not store their URL in relative format (starting with //) but rather in absolute (starting with http://). And someone displaying a SSL enabled LP with a non SSL image is likely to get an "unsecure content" alert. So you have to go through all LP's and update the images.
For the rest, normally, forms JS libraries are called in relative mode and upgrade seemlessly. And for emails, http:// images will not cause any issue since Marketo provides a redirect and you do not risk "unsecure content" in emails.
-Greg
Hey Charles, just to confirm, have you done the change with Marketo or just on your own end for the SSL certificate? The components that Greg mentioned are part of the Marketo update but sometimes people are unaware (as we were) that this is a separate update that you need to coordinate with Marketo when you change over to SSL.
If you only do the SSL update on your website (not through Marketo) then you risk losing some referrer information, and URL parameter capture. I'm sure there are other issues as well, but these are two issues I've seen in the past.
Yes, we've only switched to SSL on our corporate site. The Marketo domain where our marketing landing pages sit, hasn't been changed to SSL.
Just to be sure I understand... Do you mean referrer information being passed from the corporate site to a Marketo-based landing page? Fortunately, we don't have anything set up this way at the moment. Or is the Munchkin code missing details on any forms embedded on the corporate site?
If your site is on SSL and your Marketo LP's and resources are not, you are going to loose data when people will browse from the web site to Marketo. Furthermore, embedded forms might now be seen as "unsecure content" by some of your visitors. You need to quickly also upgrade your Marketo LP's and images& files to SSL.
For this, you need to contact your Marketo CSM or sales and ask them for a quotation. You will have to provide them with a certificate for the Marketo LP subdomain.
-Greg
Glad I asked! This is something that is commonly overlooked, and sometimes not noticed until you are missing data.
This will be an additional one-time update you need to make with Marketo. I would advise getting this moving forward as quickly as possible as they have a ~3 week turnaround on this process.
Glad your asked, indeed
-Greg
Dang. Well! Good thing we saved old settings. Thank you!
With Chrome being more aggressive in marking Non-SSL pages as insecure, we've found a major problem with upgrading our main domain page, and not Marketo SSL at the same time. Chrome seems to identify the main page as secure, and see's a conflict with having the subdomain (Marketo's landing page domain) as being insecure, and gives the scary popup on most landing pages.
I wonder if someone has gone through this in the past without having to "roll back" their main-domain SSL while they wait for the Marketo SSL upgrade to occur.
If you're embedding Marketo LPs in your corporate site (why?) this will definitely happen, and there is no workaround.
If you're loading Marketo Embedded Forms from your LP domain (a good idea, generally) you could temporarily switch back to your app-*.marketo.com pod hostname.