I suggest you ...

SSL Encryption (https) for forms/Pages

I understand that you have stated pages cannot be encrypted due to the complexities involved in managing customer's certificates, as explained here: http://help.hubspot.com/articles/FAQ/Can-I-host-secure-content-on-HubSpot-Does-HubSpot-support-the-use-of-SSL-encryption

However, have you considered partnering with an SSL provider (Comodo, etc) that would allow you the ability to manage the data you need on your end, but the SSL provider would handle all other SSL requirements (verifying the business entity, expiration, etc). Even if you only offered one SSL partner, as long as it was industry standard pricing, this would be better than not having any SSL solutions? It could work like one of the "Apps" that you install I suppose.

Even though we don't collect confidential data, customers these days expect their information to be secure, even if its just a name & email addres, a good example of this is Facebook offering https browsing.

145 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • sso
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    NathanNathan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    Deborah ScottDeborah Scott shared a merged idea: Add support for SSL Encryption (https)  ·   · 

    21 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • CarstenCarsten commented  ·   ·  Flag as inappropriate

        HubSpot, as stated below, we live in 2015 and SSL is a MUST for all our customers. The pricing is far away from being competitive. I give a +1 for Thomas' suggestion of implementing SNI.

      • Marshall MulletMarshall Mullet commented  ·   ·  Flag as inappropriate

        I agree with Thomas, an economical solution is in order. With search engines and browsers becoming more stringent about security, this needs to be a priority.

      • Thomas BachmannThomas Bachmann commented  ·   ·  Flag as inappropriate

        The solution presented is quite expensive, especially for extended SSL certificates. Please consider implementing SNI so that customers can upload their own (extended) SSL certificates without any additional costs.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Anything submitted though a form should be considered sensitive data, regardless of what that data is. Without SSL, how can any HubSpot lead trust entering any information into the system. Does someone need to show the vulnerability of not using SSL before any changes are made? Just because the average person is unaware of the dangers of not using SSL does not mean it should be placed low on the priority list.

      • Anonymous commented  ·   ·  Flag as inappropriate

        You need to fix this. Our sites are always-on SSL and I cannot recommend the use of or integrate Hubspot into our Websites until you provide SSL support.

      • JakeJake commented  ·   ·  Flag as inappropriate

        I think Hubspot needs to come up with a new status other then "Pending". It seems like most of what we ask for in ideas is "Pending" for years.

      • Joseph BurgerJoseph Burger commented  ·   ·  Flag as inappropriate

        How can we expect people to visit our site and fill out a form with their personal information without using SSL. It's 2014, use SSL endpoints.

      • James SullivanJames Sullivan commented  ·   ·  Flag as inappropriate

        Hosting SSL is important for me because I want my customers to feel safe when submitting web forms. A technical workaround that could work for this would be to create a reverse proxy on Heroku (or another service) which proxies the requests in HTTPS and sends them in HTTP to your service. The traffic between AWS and HubSpot is less vulnerable than my client traffic while they're at a coffee shop or on public wifi.

      • NathanNathan commented  ·   ·  Flag as inappropriate

        Great to hear! Customers seem to expect data security these days, even if its just name, email & phone #. It looks more professional and fosters trust.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I'm glad to hear your are now investigating a solution for SSL encryption! Thank you!!

      • Anonymous commented  ·   ·  Flag as inappropriate

        I just wanted to give a second vote for this 3rd party solution. We are managing a handful of HubSpot accounts in the healthcare sector. We are not asking for personable information on any of the downloads but it's surprising what people will divulge in the comment box. Having a secure option would be great and we've had that request repeatedly. Setting up those forms via API can be a lot of work plus it forces us to use another cms that has the secure features when the entire site could have been easily hosted on HubSpot. The SSL is the only thing holding us up.

      ← Previous 1

      Feedback and Knowledge Base