Configuring HTTPS for Enhanced Magento Security

If you want to enhance the security of your Magento powered store, then configuring SSL certificate can help you accomplish such an objective. SSL helps in creating an encrypted link between the web browser and server. The link establishes a secure (HTTPS) connection, ensuring that the information passed between your server and browser remains secure. An SSL certificate, not just help you win your customer’s trust, but also plays an important role in increasing the rank of your site on search engines.

Through this post, I’ll make you understand the process of configuring HTTPS (SSL) in your Magento store to increase its security.

Understanding the Basic Configuration Process

You just need to follow a few basic steps to configure Magento with an SSL certificate, as discussed below:

  • Step 1: Get logged-in into your Magento administration panel.
  • Step 2: From your admin dashboard screen, go to System → Configuration.

Magento Configuratiobn

  • Step 3: Next, under the General tab (positioned in your back-end left-side menu) you’ll find a web link.

Magento Configuration Web

  • Step 4: Click on the web link and you’ll see a lot of configuration options will appear (as shown in the image below). Make sure that both the options “Use Secure URLs in Frontend” and “Use Secure URLs in admin” are set to “Yes”. Doing so, will ensure that your Magento site will execute correctly with SSL for those particular segments.

Magento configuration SSL

Following the aforementioned steps will make your Magento store configured, thereby ensuring that it will function over SSL.

Two Important Considerations You Shouldn’t Afford to Miss

Once you’ve successfully configured HTTPS connection, by configuring your Magento store with SSL, there are a few things you need to consider:

1. Enable HTTPS For Your Store

In case you’re not using SSL certificate, you can buy one from any reliable and trusted Certificate Authority like Godaddy, Geotrust, etc. But, keep in your mind that for buying such a certificate, you’ll have to create a private key, as well as, a certificate request. For this purpose, you need to use openssl.

If you don’t have openssl at present, you need to apply the following commands to get it installed:

a. Debian/Ubuntu Comman

apt-get update

apt-get install openssl

b. RHEL/CentOS Command

yum install openssl

Next, implement these commands as root user, and you’ll be able to create a certificate request that needs to be sent to your Certificate Authority.

Note: To make the process of enabling SSL much easier, make sure that the SSL is enabled on Apache and Nginx configurations.

2. Tips to Consider When Moving From HTTP to HTTPS

Remember that moving your Magento store from HTTP to HTTPS can screw your site. That’s because, moving from http to https means that you’re moving your Magento store to an entirely new URL structure. This could impact your search engine rankings. Below are a few tips, you must pay heed to before moving your Magento store to HTTPS connection.

  • At the time of positioning in HTTPS, make sure that all your internal links are pointing to the new and secure HTTPS URLs. To begin with, ensure that your Magento store navigation links (including up sells, footer links, etc.) and links within the body text point to the new HTTPS URLs. Also, ascertain that links within your blog (if any) are applied the secure URLs.
  • Apart from the internal links, you need to check whether your external links are pointing to the HTTPS URLs or not.
  • Furthermore, make certain that your store’s canonical Tags (i.e. “rel” tags) doesn’t point to the old HTTP version. Remember that these tags help Google search engine crawlers to decide the page that needs to be ranked. And so, when moving over to HTTPS, do make sure that even the canonical tags are being moved to the new HTTPS version.
  • Next, your Magento store XML sitemap consists of all URLs pointing to individual pages in the store. Thus, prior to migrating to HTTPs, you’ll have to make your sitemap point to the HTTPS URLs as well.
  • Once you’ve migrated to the secure URLs, use Google webmaster tools. This will help you get a picture of whether you have been able to complete the 301 redirect configuration in an accurate manner or not. However, since using the Google webmaster tools requires you to create an account of your site on it, you’ll need to include HTTPs website link to acquire stats for the new HTTP version.
  • In case you’re running any RSS feeds or planning to include them in your HTTPS version, scrutinize if your RSS provider provide support for HTTPS or not
  • It is recommended that you must use a tool in GWT, for conducting a test to evaluate if Googlebots are able to crawl towards your website in the right manner or not.

Final Words

So, hope that this post would have helped you understand the basic process of configuring HTTPS (SSL) in Magento. Besides this, don’t forget to check out the other important considerations, so as to ensure that your store doesn’t fail after switching to HTTPS.

Most importantly, keep in your mind that after migrating your Magento store to secure HTTPS connection, you can face a lot of SEO related issues. And possibly, you might not get enough time to deal with those issues. But, sticking with useful tools such as Google Analytics will surely help you improve your store search engine rankings.

Subscribe to our mailing list

Our Personalization Solution


Want to increase conversions and sales of your eCommerce Website? Discover our 360º eCommerce Personalization Solution and Try it for Free!


Post your thoughts