Customers are increasingly aware of potential risks and do not want to leave payment details on insecure websites.
An ecommerce store must actively reassure customers that their personal information is protected at all times.
SSL (Secure Socket Layer) certificates are used to establish an encrypted connection between the user’s browser and the website’s server. They guarantee a secure transfer of data and create a safe shopping environment.
Find out how to set up an SSL certificate and enable HTTPS in your Magento store.
Why is SSL Important for a Magento Store?
If you are using the services of a payment processor, the checkout page is already protected by an SSL certificate. However, there is a lot to gain by implementing an SSL certificate throughout your Magento store:
- Higher Conversion Rates - Major web browsers label non-HTTPS pages as “Not Secure”. If you fully implement SSL, the customer is much less likely to abandon the purchase due to safety concerns.
- Data Protection - Redirecting customers between HTTP and HTTPS sessions increases the risk of man-in-the-middle attacks. Enable HTTPS to secure customer sessions and data while they are browsing the store.
- Search Engine Optimization - Google uses HTTPS as a ranking signal. Adopting SSL can improve your website’s position in Google’s search results.
- Improve Customer Experience - Customers need to feel safe from the moment they reach the website to the conclusion of the payment process. Implementing HTTPS encourages customers to freely engage with website features, share information, create user accounts, and interact with other customers.
Note: If you still haven't moved to Magento 2, we strongly advise you do so. Use our Magento Migration Plan Checklist to do it as soon as possible.
Install SSL Certificate in Magento 2
SSL certificates are issued by Certification Authorities (CAs). The cost of the certificate depends on the level of validation and the number of domains and subdomains it applies to.
Explore the different types of SSL certificates to determine what kind of certificate you need.
Ecommerce stores should primarily consider adopting Extended Validation or Organization Validated SSL certificates. These certificates are more expensive, and the validation process can take longer, but they provide enhanced fraud protection customers expect.
To reduce certification costs, check if your web host offers SSL certificates as part of their pricing plan. Web hosts can help decrease overhead costs by handling the technical implementation of the SSL certificate.
Step 1: Generate a Certificate Signing Request (CSR)
To obtain an SSL certificate from a Certification Authority (CA), you need to generate a key pair (private-public) and submit a Certificate Signing Request (CSR). An encrypted CSR file contains general information about your ecommerce company, such as the fully qualified domain name, email, country, address, etc.
There are many ways to create a CSR. For example, you can use an open-source command-line tool like OpenSSL to generate a certificate signing request.
Alternatively, the SSL Manager in cPanel provides a user-friendly graphical interface for creating and managing SSL certificates.
1. Access the SSL/TLS Manager in the Security tab.
2. Select the Certificate Signing Requests (CSR) option.
3. Use the Generate a New Certificate Signing Request form to enter website and company details and create a private encryption key.
4. Review and confirm that the information is correct and click Generate.
5. Submit the encoded CSR to a Certification Authority of your choice.
The Certification Authority validates the information from the CSR and issues an SSL certificate. Depending on the certificate type, the CA may request additional documentation to verify the information.
Step 2. Install SSL Certificate
Once the certification process is complete, the Certificate Authority provides a certificate file (.crt). The file needs to be placed on your server.
1. Access the SSL/TLS Manager in cPanel.
2. Select the Certificates (CRT) option.
3. Paste the body of the certificate file and select Save Certificate. Alternatively, upload the .crt file using the Browse option and click Upload Certificate.
4. Access the Install and Manage SSL for your Site (HTTPS) menu.
5. Select the certified domain using the dropdown menu and click Autofill by Domain.
6. The system retrieves the certificate and the corresponding private key as they are located on the same server.
7. Click Install Certificate.
Once the installation process is complete, enable the SSL certificate in Magento.
Step 3: Enable SSL Certificate in Magento 2
To enable an SSL certificate in the Magento 2 admin:
1. Access the Stores menu and click Configuration.
2. Select Web in the General tab.
3. Expand the Base URLs (Secure) section.
4. Update the Secure Base URL to HTTPS.
5. Set the Use Secure URLs on Storefront and Use Secure URLs in Admin options to Yes.
6. Click Save Config to apply the new settings.
The changes are visible in the storefront once you flush the Magento cache.
Note: Increase the security of your store by changing your Magento admin URL.
You have successfully implemented an SSL certificate and improved data security in your Magento store.
This shows customers that you are willing to invest time and resources in security features and authentication tools to protect their data. We recommend also checking out our article on eCommerce website security to learn more about how to secure your online business.