
SSL for Account Engagement Tracker Domains FAQ

Publish Date: Nov 5, 2025
Description

What do first-time users of Account Engagement need to know about this feature?

- What a tracker domain is and how it's used
- How to validate a tracker domain
- Why it is better to serve content over HTTPS rather than HTTP
- What mixed-content is and how to fix it
Resolution

Do I need a computer engineering degree to understand this?
What does it mean to enable SSL for my tracker domain?
What considerations should I take into account *before* enabling SSL for my tracker domain?
What is the best way to troubleshoot SSL issues?
How will this affect my vanity URLs?
Will all of my assets automatically be updated to SSL, or will I have to manually update the URLs in my HTML pages?
If I set up an HTTPS tracker domain later, will it mess up my go.pardot.com links etc., and if I set up a non-HTTPS one now, will I have to reverify that same domain/do extra stuff?
Do I need to update all of my iframed forms now?
How will this affect form handlers: will https on the form handler Endpoint URL automatically be checked by default from now on?
Will I need to update all of my Layout Templates and replace all links with https://go.pardot.com?
Do I need to update my Tracking Code?
Will this affect custom redirects I already have?
Do I need to re-validate my Tracker Domain now?
Do I need to change anything in my DNS to make this work?
Can I still use https://go.pardot.com?
What happens if a prospect comes across an http link out in the wild from a long time ago or an old email?
Can I use both http and https now?
What CAA does Account Engagement use and do I need to add one to my DNS?
My SSL certificate is set to renew. What steps do I have to take in Account Engagement?

Do I need a computer engineering degree to understand this?

No, but we recommend reading the documentation on how to "Make a Tracker Domain HTTPS-Secure".

 

What does it mean to enable SSL for my tracker domain?

After clicking Enable SSL for a tracker domain, Account Engagement gets an SSL certificate specifically for your tracker domain, e.g. go.example.com. This means anyone can now view any of your company's Account Engagement assets over https://go.example.com. If you tried to do so before having an SSL certificate, you'd see a scary warning stating "Your connection is not private. Attackers might be trying to steal your information from go.example.com." This action has no side-effects! Everyone should be encouraged to SSL-enable at least their Primary tracker domain — it's harmless, easy and free!

What considerations should I take into account *before* enabling SSL for my tracker domain?

1. Determine which marketing assets you want to deliver over HTTPS
- Review the assets you want to distribute over HTTPS to make sure they're free of mixed-content. This is not an all-or-nothing proposition. Focus on updating just the assets you want to distribute HTTPS links for — for some this may just be your newest marketing content, for others it may be everything.
- Mixed-content is a web resource (style, script, video, etc) that is requested over HTTP when the top-level page was loaded over HTTPS. This only refers to resources being embedded into a page; this does not refer to purely navigational links. 
- Modern browsers will typically report each instance of mixed-content in their respective developer consoles.
 
2. When all Account Engagement assets are verified free of mixed-content, you have the option to Default HTTPS for any of your SSL-enabled tracker domains
- This primarily has the effect of causing any in-app display of your vanity domain, including vanity URLs, to be prefixed with https:// rather than http://. This will not update links containing your vanity domain or vanity URLs in your marketing content (external to Account Engagement), only in the app, such as on Form or Landing Page read pages.

What is the best way to troubleshoot SSL issues?

These are some common issues related to SSL-enablement and what they indicate:
- Accessing marketing content over HTTPS shows a scary warning page such as "Your connection is not secure": this means an SSL certificate isn't available for the top-level domain of your request. In other words, try http:// instead of https://.
- Request for an SSL certificate is taking longer than the typical ~15 mins: We do rely on a 3rd party to issue certificates. If yours is taking longer than 30 minutes to validate, contact the Account Engagement support team.
- Marketing assets load over HTTPS but are missing images / render un-styled content / etc: this is a symptom of resources being blocked from loading by mixed-content detection.
 

How will this affect my vanity URLs?

- SSL enablement simply means you now have the option to distribute HTTPS links to your vanity domains instead of just HTTP. 
- Setting an SSL-enabled tracker domain to Default HTTPS will update your links in the app to be prefixed with HTTPS but not in your marketing content.
 

Will all of my assets automatically be updated to SSL, or will I have to manually update the URLs in my HTML pages?

- We don't currently have plans to modify links in your marketing content.
 

If I set up an HTTPS tracker domain later, will it mess up my go.pardot.com links etc., and if I set up a non-HTTPS one now, will I have to reverify that same domain/do extra stuff?

- Provisioning an SSL certificate for a custom domain will have no effect on pre-existing go.pardot.com links. They'll continue to work as normal.
- Creating a new tracker domain won't un-verify or otherwise interfere with existing tracker domains.
 

Do I need to update all of my iframed forms now?

- You aren't forced to take any action by SSL-enabling a tracker domain.
- When you choose to serve a page with an iframed Account Engagement asset (hosted on your SSL-enabled domain) over HTTPS, you are *strongly* encouraged to address any instances of mixed-content in that Account Engagement asset.
- You are free to do this on an asset-by-asset basis; this isn't a forced all-or-nothing situation.

How will this affect form handlers: will https on the form handler Endpoint URL automatically be checked by default from now on?

- HTTPS will not be automatically checked. If the Primary domain is a custom one, the HTTPS toggle will show the custom domain in the Endpoint URL; otherwise, it will continue to use the default domain. The HTTP toggle will always use the primary domain.
 

Will I need to update all of my Layout Templates and replace all links with https://go.pardot.com?

Let's take this question in two parts:
- Will I need to update all of my Layout Templates?
Determine this on a case-by-case basis. It's up to each of you to decide which content you want to serve securely and how to prepare it to be served securely.
 
- Will I need to replace all links with https://go.pardot.com?
While you are free to use https://go.pardot.com, with this new feature, you now have the option to use https://yourcompany.com instead of the default domain.
 

Do I need to update my Tracking Code?

- There's no need to modify Account Engagement Tracking Code as a result of enabling SSL for a tracker domain.

Will this affect custom redirects I already have?

- Nope!
 

Do I need to re-validate my Tracker Domain now?

- Nope!
 

Do I need to change anything in my DNS to make this work?

- Nope!
 

Can I still use https://go.pardot.com?

- Yes!
 

What happens if a prospect comes across an http link out in the wild from a long time ago or an old email?

You can enable a feature to force HTTPS. Use it only after all mixed content has been resolved in your current marketing assets and, with your IT team, on your website. It forces every single http:// request for any public content on your account to https:// and can have consequences if the mixed content mentioned above is not fixed first. For more on this process, refer to our documentation here:

Can I use both http and https now?

- Yes! The primary purpose of our "SSL for Vanity Domains" feature is to provide you with exactly this option!
- As browser developers become more strict in enforcing web security through an HTTPS Everywhere scheme, we should see you moving more toward adopting HTTPS exclusively for serving your marketing content.

What CAA does Salesforce use and do I need to add one to my DNS?

We utilize the 3rd party service Let's Encrypt to configure SSL certificates for your tracker domain. If your domain currently has a CAA record listed and Let's Encrypt is not included, we will not be able to provision a certificate for that domain and SSL will not be enabled for your tracker domain in Account Engagement. Ask your IT team to add a CAA record to your root domain for “letsencrypt.org”. For example, if your domain is go.example.com, the CAA record would need to be added to example.com. If your root domain does not have a CAA listed, you do not need to add one. For more details see this knowledge article.
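
The CAA rule above, worked through as an added example (not Salesforce or Let's Encrypt code). It goes slightly beyond the FAQ by applying the standard CAA lookup order, in which records on the tracker subdomain itself take precedence over the root domain's. The zones are constructed dictionaries, `ca.example.net` is a placeholder issuer, and CNAME following is not modeled.

```python
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_caa(domain, zone):
    """Climb from the domain toward the root; the first name with CAA records wins."""
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []

def ca_may_issue(domain, zone, ca="letsencrypt.org"):
    """Return (allowed, reason) for a non-wildcard certificate for `domain`."""
    name, records = relevant_caa(domain, zone)
    if name is None:
        return True, "no CAA records found: nothing needs to be added"
    for flags, tag, _ in records:
        # Flag bit 0x80 marks a property as critical; an unknown one blocks issuance.
        if flags & 0x80 and tag.lower() not in KNOWN_TAGS:
            return False, f"critical unknown property '{tag}' at {name}"
    # The issuer name is the part of the value before any ';' parameters.
    issuers = [value.split(";")[0].strip().lower()
               for _, tag, value in records if tag.lower() == "issue"]
    if not issuers:
        return True, f"CAA at {name} has no 'issue' property: not restricted"
    if ca in issuers:
        return True, f"{ca} is authorized at {name}"
    return False, f"{ca} is not among the issuers authorized at {name}"

# Constructed zones: name -> list of (flags, tag, value). Not real DNS data.
NO_CAA = {}
BLOCKED = {"example.com": [(0, "issue", "ca.example.net")]}
FIXED = {"example.com": [(0, "issue", "ca.example.net"),
                         (0, "issue", "letsencrypt.org")]}
# 'issue ";"' on the subdomain forbids every CA and hides the root's records.
SUBDOMAIN_OVERRIDE = {"example.com": [(0, "issue", "letsencrypt.org")],
                      "go.example.com": [(0, "issue", ";")]}

if __name__ == "__main__":
    for label, zone in [("no CAA", NO_CAA), ("blocked", BLOCKED),
                        ("fixed", FIXED), ("override", SUBDOMAIN_OVERRIDE)]:
        print(label, ca_may_issue("go.example.com", zone))
```
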
 

My SSL certificate is set to renew. What steps do I have to take?

SSL certificates hosted through our 3rd party are automatically renewed before expiring. If you make changes to your DNS that could impact the domain, we recommend cross-checking in the Domain Management section of Account Engagement that SSL is still showing verified. If you see any errors or your SSL Certificate is expired, check out this knowledge article for troubleshooting.
Knowledge Article Number

000383346

 