Domain without SSL certificate | Community
Skip to main content
Sardor_Taylakov
Sardor_Taylakov
Level 2
January 19, 2020
Solved

Domain without SSL certificate

  • January 19, 2020
  • 1 reply
  • 4005 views

Hi,

I am using Marketo REST APIs for updating leads. When I am testing API calls using Postman or my localhost, everything is working fine. When I deploy my microservice, all API calls fail with the following error:

The connection observed an error : io.netty.handler.ssl.SslHandler.channelInactive...

I believe this is happening because I deploy the microservice on http (without SSL certificate) and Marketo is blocking my calls. Calls to other web servers with the same configuration work fine.

Would it be possible to whitelist my IP address on Marketo?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by SanfordWhiteman

Marketo has no idea whether your service is being served over http or https.

If you're getting an error from the Marketo REST API endpoint that relates to SSL, that's because your SSL *client* configuration is incorrect, for example its cacerts are not up-to-date.

All connections to Marketo REST are over https, there's no whitelisting.

1 reply

SanfordWhiteman
SanfordWhitemanAccepted solution
Level 10
January 19, 2020

Marketo has no idea whether your service is being served over http or https.

If you're getting an error from the Marketo REST API endpoint that relates to SSL, that's because your SSL *client* configuration is incorrect, for example its cacerts are not up-to-date.

All connections to Marketo REST are over https, there's no whitelisting.

Sardor_Taylakov
Sardor_TaylakovAuthor
Level 2
January 19, 2020

So if my client does not have SSL certificate, it means I cannot call Marketo REST API endpoints?

SanfordWhiteman
SanfordWhiteman
Level 10
January 19, 2020

No, your client must have a *trusted CA bundle* that results in Marketo's cert being trusted.

This is the case with any HTTP(S) client, Java, PHP, .Net, etc. You may have a default cacert bundle that's old, or no cacert bundle at all.

Or you must set your SSL stack to ignore verifying server certs, which is always a bad idea (it makes your connection as insecure as a plain-text http connection).

Terms & ConditionsAccessibility statement

Loading footer...