Resolve Common Magento SSL Configuration Issues

Disclaimer: Magenticians does not necessarily agree with the views expressed in this guest post. They are presented to bring to light all diverse views in the Magento and general ecommerce community.

Secure Socket Layer (SSL) has become an important aspect of eCommerce stores. SSL ensures that the two-way communication between the customer and the store remains secure throughout the duration of the transaction.

Having a store protected using SSL shows that the store owner is serious about guarding the personal information of the clients. In terms of SERP standing, a store with SSL ranks better and higher.

Installing and maintaining a SSL certificate could be a hassle for store owners. If not done correctly, the issue could seriously hamper the experience of the visitors. The result is a significant reduction in both the revenue and repute of the store.

When working with Magento SSL, the store owners should make sure that:

• SSL is installed correctly
• the secure URL is set
• Secure URLs are implemented in the frontend and the backend
• the SSL certificate is set to include www
• there are no insecure links on the store

I will now discuss the most common Magento SSL related problems that plague stores. In addition, I will also offer solutions to the problems.

1. Magento SSL Not Working

Activate SSL from the Magento admin by following these steps:

• Navigate to System > Configuration > General > Web
• Click the Secure tab
• Enable Yes for the option Use Secure URLs in the frontend
• Enable Yes for the option Use Secure URLs in the Admin
• Check the offload header as SSL_OFFLOADED

After the Magento SSL has been activated, the store’s URL will change from HTTP://  to HTTPS://.

If the issue persists, the problem might lie on the database layer. Follow these steps to remedy the situation:

• Choose core_config_data
• Run the query: Select * from core_config_data where path = ‘%web/secure/base_url%’;
• Check the value column. If it is HTTPS, it means that the admin setup has been done.

If SSL still does not work, there is something wrong with the SSL setup at your store. Sometimes, this issue crops up after successful installation and activation of SSL. An issue in the Ajax call or a third party URL call might also cause this problem. Here is how these issues could be resolved:

Ajax Call

If there is any setup issue in Ajax call, change the following code:

echo Mage::getUrl(‘MYMODULE/MYCONTROLLER/MYACTION’, array(‘_secure’ => Mage::app()->getStore()->isCurrentlySecure()));

Third-Party URL Call

The URL change should be HTTP://www.example.com  instead of HTTPS://www.example.com.

2. Magento SSL Checkout Page Redirected

This issue arises when Magento SSL is not working properly. In many instances, the checkout page gets redirected to other pages such as the homepage or the index page.

Here is the process of fixing the checkout redirect issue:

• Install SSL certificate on the Magento store.
• Navigate to Admin >  System > Configuration > General > Web.
• Go to secure settings and change the base URL to HTTPS://
• Keep the Base link URL as it is {{secure_base_url}}.
• Keep the Skin, Media, and JavaScript settings as {{secure_base_url}}skin/etc.
• Choose Yes for Use Secure URL for frontend option.
• Finally, click Save to apply the settings.

The above process is applicable to all Magento versions.

3. Unable to Get Local Issuer Certificate

To solve this problem, follow these steps:

• Create a local copy of certs and save it at a secure location on the server.
• If you are using a XAMPP file, save the file at: C:\Installation_Dir\xampp\php\cacert.pem
• Do not forget to update ini to remember the path of the file. Update the following lines:

  [CA Certs]
  cainfo="C:/xampp/htdocs/_certs/ca-bundle.crt"
  cafile="C:/xampp/htdocs/_certs/ca-bundle.crt"

• Update the file as per the location of your saved file.
• Finally, restart the server to apply the changes.

4. Installing Magento SSL Makes Admin Not Accessible

There are 2 ways of solving this issue:

• Manually add the entry for web/secure/use_in_adminhtml  into the core_config_data  Add the following SQL query:

INSERT INTO core_config_data (scope,scope_id,path,value) VALUES (‘default’,0,’web/secure/use_in_adminhtml’,1);

• Change the URL in the table back to HTTP://your.domain.com/.

Clear the cache in both the cases by deleting /var/cache.

5. Magento 404 Page Not Found With SSL

The SSL has its own configuration files and sometimes when SSL does not work well, it may give the error of 404 (Page not found). Normally, the file is as:

sudonano /etc/apache2/sites-available/default-ssl

You need to change the ‘AllowOverride None’ to ‘AllowOverride All’ and then restart your server.

sudo /etc/init.d/apache2 restart

After the server has been restarted, you will see that all the pages are working fine. If you are getting any page content related error then check for any external URLs on the page. Try to eliminate the external URLs and include only relative URLs.

6. 403 (Forbidden) Error When Using Magento SSL in Admin

The error code 403 (Forbidden) is sometimes returned intentionally in cases when:

• A user should not have access to specific pages of the store.
• A user is trying to access a directory for which the autoindex has been set to off.
• A user is trying to access a file that can only be accessed internally.

However, for the purpose of this article, I will discuss the cases where the error occurs unintentionally.

The Permission Has Not Been Correctly Set

This is the most common reason behind this issue. If you wish to serve a file, the server must read and execute the permissions in the hierarchical directory of the file. For example:

In the case of /usr/share/myfiles/image.jpg, the server should have read and execute permissions for /, /usr, /usr/share, and /usr/share/myfiles. If you do not want to see this error, you need to use the standard 755 for directories and 644 for the files.

You can use the utility namei for checking the permissions of the path:

$ namei -l /var/www/vhosts/example.com

 

f: /var/www/vhosts/example.com

drwxr-xr-x root     root     /

drwxr-xr-x root     rootvar

drwxr-xr-x www-data www-data www

drwxr-xr-x www-data www-datavhosts

drwxr-xr-xmconnectmconnect    example.com

The Directory Index Has Not Been Defined Properly

The index directive for a standard PHP setup is:

index index.html index.htm index.php;

In the above example, the server will first serve index.html, then index.htm and finally index.php. When all the above directories are not found or not responding, then the 403 forbidden error is returned.

7. HTTP vs. Https Duplicate Content Issues

Http and HTTPS are considered separate ports. However, search engines consider the contents from both the versions as duplicate content. From SEO perspective, this is a serious issue. There are 3 fixes for this issue:

Canonical Link Elements

The canonical link elements are added into the head tags of the webpages:

<link rel=”canonical” href=”HTTP://www.domain.com/star-wars/toys/cut-outs/luke-skywalker.html”/>

These link elements highlight the canonical location of the contents. So, when the search engines crawl the website, only the Https version will show up in the search results.

Serve a Different Robots.txt for Https

In this solution, you allow search engines to crawl the HTTPS version of the store. Here’s what you should do:

• Use .htaccess to serve the two different Robots.txt files. Save the regular non secure HTTP file as robots.txt and save the secure HTTPS file as robots_ssl.txt
• Apply the following changes to the .htaccess file:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots\.txt$ robots_ssl.txt [L]

• This rewrite will serve the robots_ssl.txt as robots.txt.

Meta Robots Tag

If the above two methods do not help with the issue, Meta Robots tag can be used. This tag allows the pages to be crawled but not indexed. To use the tag, the following code is added to the Head tag of the web pages:

<?php

if(isset($_SERVER['HTTPS']) &&strtolower($_SERVER['HTTPS']) == 'on') {

echo'<meta name="robots" content="noindex,follow" />'. "\n";

}

?>

8. Infinite Redirect Loop When SSL is Enabled in Magento Admin Area

You might face this issue while you are turning the SSL on in the Magento Admin Panel.

The problem could lie in the model app/code/core/Mage/Core/Model/Store.php:

public function isCurrentlySecure()

{  

            if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {

            return true;

            }  

            if (Mage::isInstalled()) {

                        $secureBaseUrl = Mage::getStoreConfig('web/secure/base_route_url');

                        if (!$secureBaseUrl) {

                                    return false;

                        }  

                        $uri = Zend_Uri::factory($secureBaseUrl);

                        $isSecure = ($uri->getScheme() == 'HTTPS' ) &&isset($_SERVER['SERVER_PORT']) && ($uri->getPort() == $_SERVER['SERVER_PORT']);

                        return $isSecure;

             } else {

                        $isSecure = isset($_SERVER['SERVER_PORT']) && (443 == $_SERVER['SERVER_PORT']);

                        return $isSecure;

             }  

}

When there is no web/secure/base_route_url  in core_config_datatable , the default response isCurrentlySecure  always returns false.

You can fix it by adding server variable HTTPS  with on value.

Using Nginx with PHP-FPM, add these lines to nginx.conf:

fastcgi_param HTTPS on;

Reload the server and everything should be working.

9. SSL-HTTPS Magento Frontend Layout Issue

Changes to work site using HTTPS are:
In Configuration,
In Unsecure section
Base URL: remove HTTP

In secure section
Base URL: add HTTPS

And then refresh the cache.

10. Admin Login Failed After Magento SSL is Enabled

This issue is generally seen after enabling the SSL in Magento Admin. Following steps will fix this issue:

• Go into the database and in core_config_data  table, update the record with the path of web/secure/use_in_admindata  by setting the value field to 0.
• Repeat the same process using the record with the path of web/secure/use_in_frontend  and again set the value field to 0.
• Using SSH, log into the hosting account, and issue an rm -rf ~/public_html/magento/var/cache

When you are using a shared server or host, you need to rename the cache directory.

How Do I Change Magento Base URL?

The Magento base URL can be set as per the requirements of the store. To change the base URL, login to the Magento admin panel and then modify the option of Base URL at System > Configuration > Web > Unsecure > Base URL  and System > Configuration > Web > Secure > Base URL.

Once the changes have been made, you need to do cache management by going to System > Cache Management.

If the Magento admin panel is inaccessible, you need to make the changes in the database. Login to phpMyAdmin, navigate to core_config_data  table, and change the values of the fields with web/unsecure/base_url  and web/secure/base_url  path.

To apply the changes, flush the cache in Magento by deleting everything in var/cache  directory.

11. Magento SSL Related Warnings During Checkout

When you go live with a Magento store, the checkout process might require several fixes and debugging. While testing the web pages, pay close attention to the images in header and footer as they can create the bulk of the issues.

To fix this, you should use the direct link of the images instead of using the reference or source links.  So instead of

<imgsrc=/media/wysiwyg/image1.jpg”}}” alt=”” />  (Shorthand image source link)

Use <imgsrc=”//yoursite.com/media/wysiwyg/image1.jpg” alt=”” />  ( Direct image source link)

This informs the browser that it should load the resources that are important as per the present area. In particular, use Chrome for testing the store, because it detects most of the errors in any website.

These are the solutions for some of the common Magento SSL related issues. I hope that you are able to apply the fixes yourself without any issues. If you so face problems, feel free to contact us.

Author Bio

Yogesh Trivedi is an experienced ecommerce Consultant along with an expertise in Magento. He has been with Magento since its inception and very well knows how to utilize his talent in the clients’ projects. Working at M-Connect Media, a Magento ecommerce Company, he has helped various ecommerce businesses to achieve their goal and build up their brand.

Subscribe Newsletter

Subscribe to get latest Magento news