SSL certificate installation in Magento 1.9
Install SSL certificate in Magento 1.9 with this detailed guide. Ensure your site's security by automatically redirecting from HTTP to HTTPS.
Introduction
- In this tutorial we will present the necessary steps to implement an SSL certificate in the Magento 1.9 application, through the available settings in the administration area of the application. After completing these steps, any unsecured access to the site (with https://domain.tld) will be redirected to the secure version (with https://domain.tld), and all traffic between the site visitors and the server will be encrypted.
- As an example, we will use the subdomain demo.hostico.ro.
Requirements
For completing the steps, we will need the following:
- Authentication details for the Magento 1.9 administration panel.
- An SSL certificate installed on the hosting account and the domain where the Magento 1.9 application runs.
Steps
- First, we will log into the Magento 1.9 administration panel by accessing domain.tld/AdminAddress (the preferred address set by you during the installation of the Magento 1.9 application).
- Once authenticated, we will click on System from the navigation bar, then click on Configuration.
- We will select Web from the General section of the navigation bar on the left side of the page.
- Categories of settings related to the application will appear. We will click on the Secure category.
- The application's security settings will be loaded.
- From here we are interested in the fields BaseURL,Use Secure URLs in Frontend and Use Secure URLs in Admin:
-Base URL : we will set the site with https:// . In our case https://demo.hostico.ro/ will become https://demo.hostico.ro/ (I added 's' to https://).
-Use Secure URLs in Frontend: should be set to Yes.
-Use Secure URLs in Admin: should be set to Yes.
- After modifying the fields, we will click on the Save Config button at the top of the page
. - From this moment on, any unsecured access to the site will be redirected to the secure version. Similarly, resources (photos, css code, js, html, etc.) from the source code of the site will be loaded via the HTTPS protocol.
- If the redirection to the HTTPS version is not done automatically, we can edit the .htaccess file of the root folder where the Magento application is installed and insert the following lines at the end of the file:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*)https://%{HTTP_HOST}%{REQUEST_URI}
The .htaccess file can be edited using the File Manager in cPanel.
There may be cases where even after following these steps, the browser displays warnings that the site is unsecured (a "yellow lock" may appear in the address bar or other warning messages).
Unsecured domain with SSL
These warning messages do not represent an issue with the SSL certificate.
The warnings are caused by resources in the site's source code, which still load via the HTTP protocol. For the site to be secure and to avoid any warnings, all links in the site's source code must load via the HTTPS protocol.
Although the application automatically modifies the links in the site's source code to use the HTTPS protocol, some of them cannot be converted. This issue may be caused by a plugin or module, by the theme used, by lines of code manually added to the site's files, and so on.
To check which links have remained on the HTTP protocol, we can right-click on the site, then select View Page Source. From here, we can search in the site's source code, using the CNTRL + F keys, for the links that contain HTTP://.
The found links will need to be manually modified to use the HTTPS protocol. These links can be found either in the site's PHP code or in the database.