Magento is an open-source e-commerce platform designed to offer a scalable and flexible shopping cart system. It’s a powerful platform that allows online merchants to control the content, functionality, and look of their stores. The application enables e-commerce merchants to accept and process credit card payments online.
For this reason, a Magento store ought to comply with all the Payment Card Industry (PCI) rules when handling this sensitive customer information. One of the core PCI rules requires all private data and personal information of customers to be processed on an encrypted channel. The best way to encrypt all channels is to install Secure Sockets Layer (SSL) and Hypertext Transfer Protocol Secure (HTTPS) technologies on your Magento store.
If you are looking to boost the security of your Magento store, you have landed on the right page. This in-depth guide is compiled to help you configure SSL on your Magento store and redirect all HTTP traffic to the secure HTTPS protocol.
Let’s get started!
Step 1: GENERATE THE CSR AND PRIVATE KEY
The SSL certificate cannot be successfully configured without the following components:
- Certificate Signing Request (CSR)
- Private key
- Public key
For a hassle-free installation process, generate the CSR and the private key on your server.
Log in to cPanel.
Navigate to the Security tab and open the SSL/TLS icon.
Once you open the SSL/TLS icon, go to the Certificate Signing Request (CSR)
Locate the Generate a New CSR
Select Generate a new 2048 bit key, and provide all the details as requested. Ensure you submit only correct details for Domain, City & State, Country, Company, Company Division, Email, Description, and Passphrase. Click Generate.
A window will appear with the generated CSR code. Make a copy of this code and save it; you will use it to ‘activate’ the SSL certificate.
The private key is generated simultaneously with the CSR.
Step 2: GET YOUR SSL CERTIFICATE AND INSTALL IT
Once you generate the CSR and the private key, the next step is buying your ideal SSL certificate. During the checkout process, you will be requested to submit the CSR you generated above. The certificate authority (CA) will then activate your certificate before sending the certificate files (yourdomain.com.crt and the intermediate.crt).
To install your certificate, log in to your
Select Manage SSL sites
Copy each block of certificate code into its relevant field, then click the Install Certificate button.
Verify that your Secure Sockets Layer (SSL) certificate was installed successfully before moving to the next step.
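The equivalent of Steps 1 and 2 on a server with the openssl command line instead of cPanel, as an added example that is not part of the original guide: it creates the 2048-bit key and CSR, then checks that the key, the CSR and the certificate all carry the same public key before anything is installed. The domain, subject fields and file names are constructed, and a throwaway self-signed certificate stands in for the file the CA would send.

```shell
#!/bin/sh
# Added example. Domain, subject fields and file names are constructed.
set -eu

# Create a 2048-bit RSA private key and a CSR for domain $1 in directory $2.
make_csr() {
    ( umask 077   # key file readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/C=US/ST=California/L=San Diego/O=Example Store/CN=$1" \
          -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null )
}

# Print the public key (PEM) carried by a private key, a CSR or a certificate.
key_pub()  { openssl pkey -in "$1" -pubout; }
csr_pub()  { openssl req  -in "$1" -noout -pubkey; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey; }

# Succeed only if key $1, CSR $2 and certificate $3 share one public key.
# A certificate that does not match the private key cannot be served.
files_match() {
    k=$(key_pub "$1") && c=$(csr_pub "$2") && x=$(cert_pub "$3") &&
        [ "$k" = "$c" ] && [ "$k" = "$x" ]
}

# Succeed if the CSR's key is 2048-bit, as selected in Step 1.
csr_is_2048() {
    openssl req -in "$1" -noout -text | grep -q 'Public-Key: (2048 bit)'
}

work=$(mktemp -d)
d=store.example.com
make_csr "$d" "$work"
# Stand-in for the CA-issued file: a throwaway self-signed certificate.
openssl x509 -req -in "$work/$d.csr" -signkey "$work/$d.key" \
    -days 1 -out "$work/$d.crt" 2>/dev/null

csr_is_2048 "$work/$d.csr" && echo "CSR key size: 2048 bit"
files_match "$work/$d.key" "$work/$d.csr" "$work/$d.crt" \
    && echo "key, CSR and certificate match"
```

The private key never needs to leave the server; only the CSR is submitted to the CA.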
Step 3: CONFIGURE MAGENTO
By now you have successfully installed and configured the SSL certificate on your server. The next step is modifying the settings on your Magento platform to use SSL.
Log in to Magento using the admin username and password.
Once you log in, navigate to the System button. Click this tab; a drop-down menu will appear. Select Configuration, then on the bar on the left, click General. A drop-down menu with a host of options will appear; select the Web option.
In the Web section, our area of interest is the Secure area. Select the Base URL field and modify it to use the https:// form of your home page. In addition, set the Use URL in admin and Use URL in frontend dropdowns to the “Yes” option.
Click the Save Config button to complete the configuration. Your entire Magento store is now configured to use the secure HTTPS URLs. Everything, including all the pages where you collect and submit sensitive information, is properly encrypted. To confirm this, visit your Magento store using the old HTTP URL. If you are automatically redirected to the secure https:// URLs, thumbs up! Everything is okay.
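The same confirmation can be scripted instead of done in a browser. The following is an added example, not part of the original guide: it reads the response headers of a plain-HTTP request and reports whether the store answers with a redirect to HTTPS on the same host. The host name and header samples are constructed, and treating only a permanent redirect (301 or 308) as a pass is an assumption of this example.

```shell
#!/bin/sh
# Added example. Host name and header samples are constructed.

# Read the response headers of a plain-HTTP request on stdin, e.g.
#   curl -sI http://store.example.com/checkout/ | check_redirect store.example.com
# Prints a verdict; returns 0 only for a permanent redirect to HTTPS
# on the same host.
check_redirect() {
    host=$1
    hdrs=$(tr -d '\r')                       # HTTP header lines end in CRLF
    status=$(printf '%s\n' "$hdrs" | awk 'NR==1 {print $2}')
    loc=$(printf '%s\n' "$hdrs" |
          awk 'tolower($1)=="location:" {print $2; exit}')
    case $status in
        301|308) ;;
        302|303|307) echo "temporary redirect ($status)"; return 1 ;;
        *) echo "no redirect (status $status)"; return 1 ;;
    esac
    case $loc in
        "https://$host"|"https://$host/"*) echo "ok"; return 0 ;;
        https://*) echo "redirects to another host: $loc"; return 1 ;;
        *) echo "redirect target is not HTTPS: $loc"; return 1 ;;
    esac
}

# Constructed samples: a store that redirects, and one still answering on HTTP.
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://store.example.com/\r\n\r\n' |
    check_redirect store.example.com
printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' |
    check_redirect store.example.com || true
```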
Step 4: CONFIGURE REDIRECTS TO HTTPS PAGES
Your Magento site is now set to automatically redirect web pages to HTTPS. This doesn’t eliminate the need for server-level redirects, which cut the load on your Magento site. Whether you are using Apache or NGINX, setting up the redirects is easy.
If you are using NGINX, substitute your URL structure with the following code:
On the other hand, if you are using Apache, use the following code:
Step 5: UPDATE ALL INTERNAL LINKS TO THE SECURE HTTPS URLs
Although Magento does all the work to change internal links to HTTPS, some themes won’t capture every link. In addition, some of the links that you modified manually may not automatically switch from the old HTTP to the HTTPS protocol. It is important that all internal links are updated to HTTPS URLs to ease the load on your server, boost site speed, and improve search engine rankings.
To pinpoint all internal links that still use the old HTTP protocol, we’ll use a tool called Screaming Frog. You need not buy the application; its free version is equal to the task.
- Install Screaming Frog.
- Open Screaming Frog. Copy and paste your Magento site URL (homepage) into the Enter URL area, then click Start.
- The tool will crawl all the URLs in your Magento site. Once the progress hits the 100% mark, click the Internal button.
- Select the Address tab to put all the HTTP URLs in one group. From the list, select the first URL.
- At the bottom of the Screaming Frog window, click the Inlinks tab.
- The bottom window will display a list of pages linking to the selected HTTP URL. Use this data together with the information on the FROM and Anchor Text columns to update all the links to HTTPS.
- Once you are done, you can follow the Screaming Frog instructions one more time to flush out all the remaining HTTP URLs.
Updating all internal links to HTTPS is important if you are looking to derive any SEO advantage when you switch to HTTPS.
This is a comprehensive guide, written to arm you with essentially everything you need to set up HTTPS/SSL on your Magento site successfully. If your site is not using HTTPS/SSL, you are making a big mistake. Get out and make it happen as soon as possible before the situation gets out of control. The technology is imperative and should be your first line of defense for safeguarding your site and visitor data.