by Fabio Porta, alias Nemo1
This article is the fourth in PrestaShop’s Guest Blogger series. Its content was created by PrestaShop Expert Fabio Porta, a valued Community member (Nemo1) and the owner of Nemo’s PostScriptum.
Let’s see how to do enable properly SSL in PrestaShop, especially when they have custom themes!
Some words about SSL
If you don’t know what SSL is, or have heard about but don’t grasp the concept, here it is: SSL is a cryptographic protocol that basically secures data sent across pages with a cryptographic key. It’s basically used to secure credit card transactions, and sensible data like login details, or personal information. In PrestaShop, the back office login, front office account pages and orders can be secured with SSL by default. Of course, you can secure other pages if you want, but this is beyond the scope of the quick tip.
Get your certificate first!
Before even thinking on implementing SSL in PrestaShop, you must buy an SSL Certificate. It doesn’t come for free in any hosting plan I know, and it has to be bought separately for each domain. This means that if you have myshoes.com, and myshoes.net, 2 SSL Certificates will be needed. Most hosting providers also require you to buy an additional dedicated IP address. Let’s see how to buy an SSL Certificate.
Setting up an SSL Certificate
Most of the hosting providers offer about the same way to get an SSL certificate. I’ll also assume you already have a domain, without the SSL Certificate.
First, login to your hosting account, and navigate to its dedicated Support Center. You’ll usually find a link for SSL, with any additional information you may need. You can ask the certificate in many ways: calling them, using the live chat, sending an email, or opening a ticket. The important thing is that you provide the following information:
- Hosting Account Username
- Host to make cert for: (usually domain.com or www.domain.com)
- Country (2 letter abbreviation):
- Company Name:
- Company Division:
Also keep in mind that if you already have your own certificate, many hosting providers will install it for FREE.
As for their pricing, the SSL itself you shouldn’t have to pay more than $25.00/year, and only a couple of bucks more per month for the dedicated IP.
Check that the certificate is working
After some time (usually, a couple of days) you’ll receive confirmation of the successful installation of your certificate. It’s time to test it out. Login to your PrestaShop admin panel, and navigate to Preferences -> General. The very first option will allow you to test out your new SSL certificate:
Click on Please click here to use HTTPS protocol before enabling SSL.
If everything works out correctly, after the page refreshes your address bar will have https:// at the beginning, with a padlock right in front:
If, for some reason, you can’t access the page (Internal Server Error 500, 404 not found, 102 (net::ERR_CONNECTION_REFUSED) or anything else) your SSL certificate is not setup correctly. If this happens contact your hosting immediately, since you can’t do anything about it.
Else, if you can display the new page, set Enable SSL to Yes, and save.
At this point, your content should be secured. Access an account page and try placing an order in your PrestaShop front-office. You should get the https:// prefix for the URL.
But this might not happen at times, even though the secure link was okay for your admin page. If you get some new 404, 500, or 102 errors, the only option is to contact the hosting. Let them also know if you use Friendly URLs, as this might conflict at times. A bunch of other issues can be solved anyway.
The page at http://mysitesname.com ran insecure content from http://anotherpage.com/file.ext
If your theme has a slider, you will need to change the prefix for those.
I can’t access my site (back nor front office) anymore!
Your server’s SSL settings might be wrong. In this case, you must force PrestaShop not to use SSL. Login to your phpMyAdmin (or any other database manager). Access the configuration table, and locate PS_SSL_ENABLED. It should be set to 1, crush it to zero. This way, you’ll be able to access your site again, but of course you’ll have no SSL. Be sure you further investigate the issue, before trying to turn it on again!