If you are an online merchant or supporting an ecommerce store. It’s crucial for you to have an SSL Certificate enabled in order to protect the data and transactions for customers.
Apart from that, it’s necessary to have the Payment Card Industry (PCI) to process transactions on a securely encrypted channel. At your Magento store, Magento SSL certificate verifies that all transactions occur over the secure layer of Secure Socket Layer (SSL) Protocol.
In this article, I’ll show you an easy way to clean your Magento database.
What is an SSL Certificate?
SSL Certificates are small data files that connect your Magento store’s details to a security key. When installed on a web server, it activates the padlock and the Magento HTTPS protocol, thereby allowing a secure connection from the webserver to the user browser. SSL enabled connections ensure that sensitive information (such as credit card numbers, social security numbers, and login credentials) is transmitted securely.
In contrast, when Magento SSL is not enabled, the data between browser and web server is exchanged in plain text which anyone who intercepts the traffic. Attackers can easily intercept unprotected data packets and can use unencrypted information for their benefits.
Magento SSL certificates are issued by a Certificate Authority (CA). They are issued to domains to verify that a trusted third-party has authenticated its identity. Since the browser trusts the CA, it would trust the identity too. The browser lets the user know that the Magento store is secure, and the user can browse it with full confidence and enter sensitive information without the fear of data compromise. By installing SSL, Magento redirects to HTTPS protocol providing more security and enhanced performance.
Keep Your Store Secure with Dedicated Firewalls
Get platform-level firewalls and regular firmware upgrades
How Magento 2 SSL Certificate Secures Your Store?
When a browser attempts to access a Magento store that is secured by SSL, the browser and the webserver create an SSL connection through the process known as an SSL Handshake. It then connects to a web server (website) secured with Magento HTTPS certificate.
The server identifies the browser request and checks the root of the certificate against a list of trusted Certified Authorities and verifies that the certificate is NOT expired or revoked, and its common name is valid for the specific Magento store. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
Magento stores have always faced security threats because of the very valuable data in the database and other areas of the store. Installing SSL certificates has now become an essential requirement of doing business in the face of rapidly evolving security challenges. The next-generation Cloudways Platform has simplifies the process of installing a free Magento SSL certificate (powered by Let’s Encrypt). On the Cloudways platform, installing an SSL certificate is a matter of a few clicks.
However, before you start configuring Magento 2 SSL, make sure you’ve signed up for a full Cloudways account, and your domain is pointed to the target Magento application. If this sounds confusing, read this article on launching Magento on Cloudways managed server.
Note: Let’s Encrypt is a nonprofit Certificate Authority that issues FREE SSL certificates to all Cloudways customers. Note that Let’s Encrypt SSL certificates cannot be installed on Cloudways staging URLs. To use these certificates, you need to point your domain first to avoid any issues.
Install Let’s Encrypt SSL Certificates on Your Magento App
Login to your Cloudways account, and go to your Magento application.
Under the Application Management, click SSL Certificate.
Under SSL Certificate, you have two options, Let’s Encrypt SSL Certificate and Custom Certificate (discussed below).
In the Let’s Encrypt tab, enter your Email Address and Domain name (that you have already pointed), and click the Install Certificate button.
The Magento 2 SSL certificate installation process might take some time to finish. Once done, you will see the following screen:
Install Custom Magento 2 SSL Certificate
In case you don’t want to use the Let’s Encrypt certificate, Cloudways provides an easy way to install a Custom SSL certificate that you have bought from a trusted Certificate Authority.
For this, you need to create a CSR (Certificate Signing Request) from the Cloudways platform.
Select your Application, and under the Application Management section, click SSL Certificate. Select the Custom Certificate slider option and tap the CREATE CSR button.
The following form will collect information about your Magento application.
After successfully submitting the relevant information, a CSR will be generated. Click the DOWNLOAD CSR button and submit it to the SSL Certificate Authority to generate a Magento SSL certificate customized for your store.
The SSL Certificate Authority will provide two files: yourdomain.crt (Certificate Code) and yourdomain.ca (Chain File). Press INSTALL CERTIFICATE, and you will see a popup asking for Certificate Code and CA Chain.
Next, click SUBMIT to finalize the process. Once done, the SSL certificate is installed and should work as intended on your Magento store.
Enable Magento 2 HTTPS SSL Certificate
Once the Magento SSL Certificate has been installed, the next step involves enabling the SSL certificate for Magento 2.x stores.
Magento 2 SSL Configuration
The process for enabling Magento SSL configuration is given below.
Login to your admin panel and navigate to STORES > Configuration.
Under General, click Web.
Expand the Base URLs (Secure) section in the right panel. Update the Secure Base URL to HTTPS and select Yes using the drop-down for both Use Secure URLs on Storefront and Use Secure URLs in Admin.
Once done, tap Save Config and clear the Magento 2 cache using CLI or admin panel. This is how you enable Magento SSL configuration for your blog.
Q. Where is Magento store code?
Navigate to Stores > Configuration > General > Web and find the Url Options section. There you choose to Add Store Code to URLs selecting Yes from the corresponding select box and Save Config.
Q. How do I know if Magento 2 SSL is enabled?
For most browsers, look to see if a site URL begins with “https,” which indicates it has an SSL certificate. Then click on the padlock icon in the address bar to view the certificate information.
Q. How to place SSL on Magento
To enable an SSL certificate in the Magento 2 admin:
- Access the Stores menu and click Configuration
- Select Web in the General tab
- Expand the Base URLs (Secure) section
- Update the Secure Base URL to HTTPS
- Set the Use Secure URLs on Storefront and Use Secure URLs in Admin options to Yes
Multiple Magento SSL Certificates On Single Server
Many Magento hosting providers only allow one SSL protected website on a server. This means if you want to host a second SSL Magento website, you are out of luck. You need to launch a second server (or worse yet, get a second account). Since Cloudways is the right Magento hosting partner that gives freedom and choice to our users, we allow store owners to install as many SSL-protected ecommerce websites as you like.
Customer Review at
“Great speed, features, knowledgebase, dashboard, UX and fast, expert support. Very happy!”
Stefan [Management Consultant]
Fayyaz, a passionate Motorbike tourist, works as a Team Lead — Magento Community at Cloudways - A Managed Magento Hosting Platform. His objective is to learn & share about PHP & Magento Development in Community. You can contact him at [email protected]