Follow the step by step instructions to Install and Enable SSL Certificate in Magento 2.
Install and enable SSL certificate in Magento 2 requires specific technical knowledge and a specific process. SSL certificate is now obligatory for any website as Google also encourages site holders for SSL installation. If we talk about ecommerce platforms then, SSL installation requires a proper process. In this article, we will talk about one of the open-source ecommerce platforms called Magento 2 and SSL security. Before digging further, let us get brief information about Magento.
Magento being an open-source platform, works on PHP language. Varien Inc., based in California, had built the Magento platform.
More than 100,000 stores have been made on Magento. Magento 2.0 was released in Nov. 2015 with some exciting features like decreased table locking issue, enhanced page caching, more scalability, new file structure, increased performance, secure payments.
Magento is a favored ecommerce platform for many websites, but it is also found vulnerable in the past years, as per the report. Several attack vectors have badly impacted the Magento platform. The below image shows the CVE details with ratio.
Why is SSL certificate essential for Magento 2 store?
SSL certificate brings strong encryption for data travelling between the server and the browser. The website security assures users that the details they share will remain encrypted, and no third-party intervention is allowed. A secured website will have more conversions as users feel secure on such a website. Google is also giving ranking benefits in search engines if the website runs on HTTPS/SSL certificate. So, let us discuss how to install and enable SSL certificates in Magento 2.0.
Install and Enable SSL certificate in Magento 2.0
SSL certificate can be obtained from a reputed certificate authority or other SSL providers. For that, a certificate signing request (CSR) should be made. CSR contains basic information about your company like domain name, country, state, address, email address. You can create CSR from the server like cPanel, Apache, OpenSSL, etc. Here, we have taken the cPanel server for CSR generation.
- In cPanel Dashboard, access the security tab and choose SSL/TLS manager.
- On the right side, choose CSR (Certificate Signing Request) from the drop-down menu; the default private key will be the 2048-bit RSA key.
- You will have a new window to enter the required information and Generate a New Certificate Signing Request by clicking on the ‘Generate’ button.
- Review details before clicking on the ‘Generate’ button.
- Now, copy the generated CSR, paste it in notepad, save it on server/desktop, and send it to the certificate provider from where you wish to get an SSL certificate.
Once the certificate authority checks CSR and complete the configuration process, the certificate authority issues a certificate. In some validation types, the CA also checks business-related documents and the status of the business.
Install SSL Certificate in Magento 2
After receiving an SSL certificate file (.crt) in email, it is time to install an SSL certificate on Magento 2.0.
- Again, access SSL/TLS Manager in cPanel.
- Select the Certificate (CRT) option on the right side of the panel.
- You will have a new window where you need to copy and paste the content of a certificate and click on ‘Save Certificate.’ You can also click on the ‘Browse’ option to upload the certificate.crt file and click on ‘Upload Certificate’.
- Now, click on ‘Install and Manage SSL for your site (HTTPS)’ on the right side.
- From the drop-down menu, choose a domain name, click ‘Autofill by Domain.’ The certificate file content and private key content will be retrieved from the system. Finally, click on the ‘Install certificate’ button.
After installation of an SSL certificate, you need to enable an SSL certificate in Magento 2.0 store.
- Access Stores>>Configuration.
- Under ‘General Menu click on ‘Web’ tab.
- You will have a ‘settings’ page to select ‘Base URLs (Secure)’.
- Change the URL from HTTP to HTTPS in the selected ‘Base URLs (Secure)’ field.
- In the ‘Use Secure URLS in Storefront’ option, select ‘Yes’ to access storefront pages by default on the HTTPS URL.
- In the ‘Use Secure URL on Admin,’ select ‘Yes’ to access the admin panel by default on HTTPS URL.
- Finally, click on ‘Save Config’ and your Magento store is now enabled with an SSL certificate.
If the website does not have an SSL certificate, the website throws a ‘Not Secure’ warning message. A warning message compels visitors to move away from the website, which results in the benefit of your rivals. Remember that SSL does not stop cyber-attacks but offers website security for online transactions and boosts confidence.