Install SSL or https

[Quazatron]

Hi everyone,

I'm trying to secure my prestashop and I have a few questions for this community.

First of all I'm trying to:
1- Secure only portions of the shop. Not the entire site.
2- I wouldn't want browsers to warn about mixed content, secured and not secured. Secured pages should only exhibit secured material.

I'm already aware of an option on the back office to turn https on, but I do not know exactly what it does.
My host installed my certificate on the server and emailed me informing that they have created a sub-folder for the secure content. This folder sits on the root folder of the site (www). They added that willing to, they could install the cert on the root instead.

I'm not exactly sure of what needs to be done here. Should I move the files and/or folders that I wish to secure to the specific folder they created? If so I have no idea of what folders or files to move...

Is it advisable to install on the root dir (www) instead? Wouldn't that turn ALL the site secure?

As you may have guessed I know nothing about webdesign!

If anyone can shed some light on theses matters I would be very thankful.

[Roberto125]

Good afternoon Quazatron,

it is a good thing that you secure your prestashop.

1) When you purchase a SSL certificate to secure your website, you have the possibility to secure the FQDN and/or Subdomains as well.

For instance:
https://www.networking4all.com/ >>> it is the FQDN (Fully Qualified Domain Name)

mail.networking4all.com
autodiscover.networking4all.com
owa.networking4all.com

These are the subdomains (among many others)

2- If you want to avoid these error messages you always have, then it is preferred to avoid installing auto-generated SSL certificates from your server. The solution is to take SSL certificates from known Certificate Authorities like:

_ VeriSign
_ GlobalSign
_ thawte
_ GeoTrust
_ RapidSSL

Networking4all resells their certificate at a more profitable price.

Internal options like auto-generated SSL certificates to turn https on is a solution not to use because you will always have these error messages and as a consequence disturb the visitors.

With a SSL certificate, you secure the FQDN and everything which is after already.
Example: https://www.networking4all.com/ (and everything after)

But if you want to secure only subdomains like:
mail.networking4all.com

then you can also do it.

If you have any other questions, please do not hesitate, I would be more than happy to help and advise you.

[Ketter]

Roberto125,

I have a GlobalSign secure cert installed which was handeled by my hosting company. However I can not seem to get my prestacart installation to stay connected to https. It starts out https but as soon as someone clicks on the homepage logo it goes back to http. Also, all pages still have a warning that some information on the page is not secure so I do not get the green padlock I am expecting.

I checked the box in admin about using SSL, but honestly, it doesnt seem to have changed a single thing. Can you tell me if I am doing something wrong.

Robert

[Roberto125]

Good day Ketter,

please check here:

Is your website safe?
Check here: http://www.ismysitesafe.com

Probably, your SSL certificate is not properly installed.

[Roberto125]

and please let me know what you get.

[deafmouse]

mine says its installed properly. but i still get the warnings. can you check my site out please its www.sognami.ca