SSL certificate installation in Magento 1.9
Install SSL certificate in Magento 1.9 with this detailed guide. Ensure your site's security by automatically redirecting from HTTP to HTTPS.
Introduction
- In this tutorial we will present the necessary steps to implement an SSL certificate in the Magento 1.9 application, through the available settings in the administration area of the application. After completing these steps, any unsecured access to the site (with https://domain.tld) will be redirected to the secure version (with https://domain.tld), and all traffic between the site visitors and the server will be encrypted.
- As an example, we will use the subdomain demo.hostico.ro.
Requirements
For completing the steps, we will need the following:
- Authentication details for the Magento 1.9 administration panel.
- An SSL certificate installed on the hosting account and the domain where the Magento 1.9 application runs.
Steps
- First, we will log into the Magento 1.9 administration panel by accessing domain.tld/AdminAddress (the preferred address set by you during the installation of the Magento 1.9 application).
- Once authenticated, we will click on System from the navigation bar, then click on Configuration.
- We will select Web from the General section of the navigation bar on the left side of the page.
- Categories of settings related to the application will appear. We will click on the Secure category.
- The application's security settings will be loaded.
- From here we are interested in the fields BaseUse Secure URLs in Frontend and Use Secure URLs in Admin:
-Base URL : we will set the site to https://. In our case https://demo.hostico.ro/ will become https://demo.hostico.ro/ (we added 's' to https://).
-Use Secure URLs in Frontend: it should be set to Yes.
-Use Secure URLs in Admin: it should be set to Yes.
- After modifying the fields, we will click on the Save Config button at the top of the page
. - From this moment on, any unsecured access to the site will be redirected to the secure version. Similarly, resources (photos, css code, js, html, etc.) from the source code of the site will be loaded via the HTTPS protocol.
- If the redirection to the HTTPS version is not done automatically, we can edit the .htaccess file of the root folder where the Magento application is installed and insert the following lines at the end of the file:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*)https://%{HTTP_HOST}%{REQUEST_URI}
The .htaccess file can be edited using the File Manager in cPanel.
There may be cases where even after following these steps, the browser displays warnings that the site is unsecured (a "yellow padlock" appears in the address bar or other warning messages).
Unsecured domain with SSL
These warning messages do not indicate an issue with the SSL certificate functionality.
The warnings are caused by resources in the website's source code, which are still being loaded via the HTTP protocol. For the site to be secured and to avoid any warnings, all the links in the website's source code must be loaded through the HTTPS protocol.
Although the application automatically modifies the links in the website's source code to use the HTTPS protocol, some of them cannot be converted. This issue may be caused by a plugin or module, the theme used, manually added lines of code in the site's files, and so on.
To check which links remain on the HTTP protocol, we can right-click on the site and then select View Page Source. From here, we can search in the website's source code using the CNTRL + F keys for links that contain HTTP://.
The found links will need to be modified manually to use the HTTPS protocol. These links can be found either in the PHP code of the website or in the database.