Top Magento Hosting Providers for 2018
Check'em Out

How to Install and Enable SSL in Magento 2

In the previous installments in my series on Magento 2 security, I have discussed integrating 2FA and reCAPTCHA based security for Magento 2 stores. In this installment, I will continue with installing and enabling Magento 2 SSL certificates.

There are many aspects of running a successful ecommerce store that should be considered in the early stages of a business. One of the key factors is to provide your users with a secure platform where they do not have to worry about privacy. Using SSL certificate to protect your online store has become a standard procedure in the retail industry.

What is SSL?

SSL- Secure Socket Layer certificate is used to secure a website as it establishes an encrypted link between the web server and a browser. The biggest advantage of SSL is that the data between encrypted link always remain private. In simple words, adding SSL Certificate to the store would mean that you are protecting the user’s private information such as login credentials, credit card information, and other sensitive data.

Install and Enable Magento 2 SSL Certificate

Magento 2 is one of the most powerful and customizable ecommerce platforms. In order to add Magento 2 SSL, you will need to first buy it or some hosting providers also offer Let’s Encrypt SSL Certificate which is FREE. I will show you how to add Magento 2 SSL, follow these steps:

Install Magento 2 SSL Certificate

I will show you the method to install Magento 2 SSL on shared as well as on managed hosting servers.

Shared Hosting

For shared hosting, I have used the server from A2 Hosting. Go to the cPanel and click on SSL/TLS under Security section:

Click on SSL-TLS magento 2 shared hosting

Now you will be redirected to the SSL/TLS page, here, click on Generate, view, upload or delete SSL certificates:

view lets encrypt ssl a2 host

Here you will see the Let’s Encrypt SSL already installed under Certificates on Server list. However, if not, then you can contact their customer service and they will install it. When Let’s Encrypt is enabled, the process of renewing SSL certificates is done automatically. According to their process, the Let’s Encrypt SSL will renew every 90 days.

Now to add your own purchased SSL certificate you need to follow some steps. First go back to SSL/TLS page and click on Private Keys:

click on pvt keys shared host

Here generate a private key for SSL certificate:

generate pvt key a2 hosting

Now go to Certificate Signing Requests (CSR):

generate CSR A2 Hosting

Here you have to enter details to create a CSR file which you have to submit to the SSL Provider and in return, you will get yourdomain.crt (Certificate Code) and yourdomain.ca (Chain File).

Now go to Certificates(CRT):

click on certificates CRT shared hosting

Here you have to upload the certificate, paste the body of the certificate or just upload the .crt file which you have got from your SSL provider:

uplaod ssl certificate a2 hostinguplaod ssl certificate a2 hosting-2

Now, at last, go to Install and Manage SSL for your sIte:

install ssl shared host

Select the domain and you will have the option to autofill the required details or you can also add them manually which you got from the SSL provider:

install ssl a2 host -1

install ssl a2 host -2

You can use the same method to install SSL certificate to any of your shared hosting.

Managed Hosting

For managed hosting, we have used the server of Cloudways. Go to their admin panel and then go to applications:

select application cloudways

Click on the application for which you want to install SSL and you will be redirected to its management. Then go to SSL Certificate.

They give you an option to install Let’s Encrypt SSL and also you can add the custom certificate.

First, let’s understand the method for Let’s Encrypt.

Enter the email address and domain name, click on Install Certificate and the process will be started:

add email domain ssl cloudways

cloudways ssl installing

After the completion of the installation process, the Let’s Encrypt SSL will be installed. On the left side, you will see the AUTO RENEWAL option, you can set it to auto or you can also do it manually by clicking on RENEW NOW:

auto renew cloudways

Now to add other SSL certificate, select Custom Certificate. Click on CREATE CSR:

create CSR Cloudways

Enter the details and then click on Submit to generate CSR file:

CSR details cloudways

Once it’s done, you will get the option to download CSR file and to install SSL certificate.

First, submit the downloaded CSR file to the SSL provider to get yourdomain.crt (Certificate Code) and yourdomain.ca (Chain File). Then click on INSTALL CERTIFICATE and a popup will appear where you have to enter the Certification Code and CA Chain (provided by SSL provider).

Enable Magento 2 SSL

Once the Magento 2 SSL installation is done, to enable it, Go to Stores → Configuration from the admin panel of your store:

Stores-Configuration Magento 2 2FA

Now click on Web under General Tab:

click on web

Unfold the Base URLs (Secure) section and update the Secure Base URL field by changing http to https:

secure base url

Now select Yes for Use Secure URLs on Storefront and Use Secure URLs in Admin fields:

select yes

Use Secure URLs on Storefront: By selecting Yes, all of your storefront pages will open with https.

Use Secure URLs in Admin: By selecting Yes, your store admin panel will be open with https.

Lastly, just click Save Config:

save configuration

Final Words

SSL is one of the most useful and important layers to secure your Magento 2 store. Following this simple tutorial, you should now be able to install and enable Magento 2 SSL to redirect your store from http to https. If you have any questions, feel free to use the comment box below!

 

About Author

Syed Muneeb Ul Hasan is an expert in PHP and Magento, he prefers to educate users in implementing and learning Magento. When not working, he loves to watch cricket.