This week I was asked by a peer to add SSL support to a Magento installation. Since this is something trivial but also something I think people should really take a look at I decided to share with you how you can achieve this.
Why should you add SSL to Magento?
SSL is important for stores who want their customers to be sure everything they enter is encrypted along the way from their browser to your server. Stores with payment gateways that force the customers to enter their creditcard information directly in Magento instead of transferring them to a secure page at the creditcard providers’ servers will also need SSL.
I’m a firm believer in sticking to what you do best. I’m specialized in webdevelopment, others are specialized in hosting solutions. So I recommend contacting your hosting provider to install a SSL certificate on your server. And since a stable Magento installation requires semi-dedicated or dedicated hosted I’m assuming your server or domain has it’s own IP-address. If this is not the case, contact your hosting provider for this too. These are some prerequisites if you want to upgrade your Magento webshop to using SSL.
The “hard” part
Ok, this may be hardest part, but don’t fret. Depending on your server-setup, symlink your “secure” directory to your “public” directory. For some this means aliasing their httpsdocs folder to the httpdocs folder, for others this means aliasing private_html to public_html. If you’re using DirectAdmin you can do this by going to “Domain setup”, clicking on your domain, enabling “Make private_html symbolic link to public_html” and clicking “Save”.
Now all that remains is logging into the back-end of Magento and going to System > Settings > Web. Change the Secure Base URL to https://www.yourstore.com, but keep the Unsecure URL set to http://www.yourstore.com. That’s all!
As you can see this is really easy to do. Offering HTTPS/SSL to your customers is an amazing way to increase their trust in your webshop, they feel safer and more secure.