All online ecommerce stores are now required by the Payment Card Industry (PCI) to process transactions on a securely encrypted channel. At your Magento store, Magento SSL certificate verifies that all transactions occur over the secure layer of Secure Socket Layer (SSL) Protocol.
What is an SSL Certificate?
SSL Certificates are small data files that connect your Magento store’s details to a security key. When installed on a web server, it activates the padlock and the HTTPS protocol, thereby allowing a secure connection from the webserver to the user browser. SSL enabled connections ensure that sensitive information (such as credit card numbers, social security numbers, and login credentials) is transmitted securely.
In contrast, when SSL certificate is not enabled, the data between browser and web server is exchanged in plain text which anyone who intercepts the traffic. Attackers can easily intercept unprotect data packets and can use unencrypted information for their benefits.
SSL certificates are issued by a Certificate Authority (CA) to an organization and its domain verifies that a trusted third-party has authenticated its identity. Since the browser trusts the CA, it would trust the identity too. The browser lets the user know that the Magento store is secure, and the user can browse it with full confidence and enter sensitive information without the fear of data compromise.
Keep Your Store Secure with Dedicated Firewalls
Get platform-level firewalls and regular firmware upgrades
How Magento SSL Certificate Secures Your Store?
When a browser attempts to access a Magento store that is secured by SSL, the browser and the webserver create an SSL connection through the process known as an SSL Handshake. It then connects to a web server (website) secured with SSL (HTTPS).
The server identifies the browser request and checks the root of the certificate against a list of trusted Certified Authorities and verifies that the certificate is NOT expired or revoked, and its common name is valid for the specific Magento store. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
Magento stores have always faced security threats because of the very valuable data in the database and other areas of the store. Installing SSL certificates has now become an essential requirement of doing business in the face of rapidly evolving security challenges. The next-generation Cloudways Platform has simplifies the process of installing a free Magento SSL certificate (powered by Let’s Encrypt). On the Cloudways platform, installing an SSL certificate is a matter of a few clicks.
However, before you start configuring Magento SSL, make sure you’ve signed up for a full Cloudways account, and your domain is pointed to the target Magento application. If this sounds confusing, read this article on launching Magento on Cloudways managed server.
Note: Let’s Encrypt is a nonprofit Certificate Authority that issues FREE SSL certificates to all Cloudways customers. Note that Let’s Encrypt SSL certificates cannot be installed on Cloudways staging URLs. To use these certificates, you need to point your domain first to avoid any issues.
Install Let’s Encrypt SSL Certificates on Your Magento App
Login to your Cloudways account, and go to your Magento application.
Under the Application Management, click SSL Certificate.
Under SSL Certificate, you have two options, Let’s Encrypt SSL Certificate and Custom Certificate (discussed below).
In the Let’s Encrypt tab, enter your Email Address and Domain name (that you have already pointed), and click the Install Certificate button.
The SSL certificate installation process might take some time to finish. Once done, you will see the following screen:
Install Custom SSL Certificate on Your Magento App
In case you don’t want to use the Let’s Encrypt certificate, Cloudways provides an easy way to install a Custom SSL certificate that you have bought from a trusted Certificate Authority.
For this, you need to create a CSR (Certificate Signing Request) from the Cloudways platform.
Select your Application, and under the Application Management section, click SSL Certificate. Select the Custom Certificate slider option and tap the CREATE CSR button.
The following form will collect information about your Magento application.
After successfully submitting the relevant information, a CSR will be generated. Click the DOWNLOAD CSR button and submit it to the SSL Certificate Authority to generate an SSL certificate customized for your Magento store.
The SSL Certificate Authority will provide two files: yourdomain.crt (Certificate Code) and yourdomain.ca (Chain File). Press INSTALL CERTIFICATE, and you will see a popup asking for Certificate Code and CA Chain.
Next, click SUBMIT to finalize the process. Once done, the SSL certificate is installed and should work as intended on your Magento store.
Enable SSL Certificate On Magento Store
Once the Magento SSL Certificate has been installed, the next step involves enabling the SSL certificate for Magento 1.x and Magento 2.x stores.
Magento SSL Configuration
Log in to your Magento 1 backend and navigate to System > Configuration.
In the left panel, under the General section, tap Web.
In the right-side panel, expand the Secure section. Change HTTP to HTTPS in the Base URL and select Yes for both Use Secure URLs in Frontend and Use Secure URLs in Admin in the drop-down menu.
Now tap the Save Config button, clear your Magento 1 cache, and you are good to go!
Magento 2 SSL Configuration
The process for enabling SSL in Magento 2 is similar to that of Magento 1 stores.
Login to your admin panel and navigate to STORES > Configuration.
Under General, click Web.
Expand the Base URLs (Secure) section in the right panel. Update the Secure Base URL to HTTPS and select Yes using the drop-down for both Use Secure URLs on Storefront and Use Secure URLs in Admin.
Once done, tap Save Config and clear the Magento 2 cache using CLI or admin panel.
One SSL Magento Store On A Single Server?
Many Magento hosting providers only allow one SSL protected website on a server. This means if you want to host a second SSL Magento website, you are out of luck. You need to launch a second server (or worse yet, get a second account). SInce Cloudways is all about giving freedom and choice to our users, we allow store owners to install as many SSL-protected ecommerce websites as you like.
Boost Your Magento Store Performance by 5x Times & Maximize Your Sales
Our fastest Magento hosting can help you in growing your business revenue by 500%
Fayyaz is a Magento Community Manager at Cloudways - A Managed Magento Hosting Platform. His objective is to learn & share about PHP & Magento Development in Community. Fayyaz is a food lover and enjoys driving. You can email him at email@example.com