Using SSL over full site (not just on checkout)
I prefer to run my site in SSL mode the whole time, not only on the checkout pages.
Is it enough to just change the Store URL in configure/security/system settings to https://mydomain.com or do I also have to select the SSL Enabled box?
Any known problems when using SSL all over the site (I read in some post there were some problems with custom URLs that changed to something like /category=15&product=12)?
Re: Using SSL over full site (not just on checkout)
I think you will have to specify the secure path in the App_data/ssl.config file. Try adding the root directory to the secure pages, like this:
Code: Select all
<directory path="/" />
Re: Using SSL over full site (not just on checkout)
If you use the method above it is fine for new sites. If you already have an indexed site with the search engines you need to get a 301 redirect response. Using the existing SSL feature in AbleCommerce gives you a 302 redirect response.
I just did this last week....
1. I had to disable SSL (uncheck SSL checkbox) in the admin of Able Commerce version 7.0.7,
2. change the URL to 'https' in the Domain box instead of http
3. Add this to the web.config:
Code: Select all
<!-- Place inside <system.webServer><rewrite><rules>; requires the IIS URL Rewrite module. -->
<rule name="HTTP to HTTPS Redirect" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
4. Make sure all your internal links have https or use relative links,
5. check all style sheets and images for references to http ...and change those to https
6. Make sure any CDN references have https or //:example.com
7. Change the Sitemap.xml URLs to https
8. If you hard coded Canonical refs change those to https
9. Go to Google Webmaster Tools and set up a new site definition for https... do this for Bing and Yahoo too
10. Submit a new Sitemap.xml to Google with the new https URLs.
11. Check robots.txt for http and change it to https... if need be.
12. Check your crawl for errors with numerous free tools... watch for 301 redirects. That is what you want.
Within a few days it started switching over in Google and the page rank did not drop.
Using IIS 7.5, Windows 2008 R2 server.
Hope it will help someone else!
Last edited by laramp on Tue Jan 06, 2015 3:05 pm, edited 1 time in total.
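An added example, not part of laramp's post and not AbleCommerce code: a small Python audit for the leftovers that steps 4, 5, 6 and 8 describe (http:// internal links, subresources, canonical tags, CSS url() references), plus a check that separates the 301 wanted in step 12 from a temporary redirect. The host names, category labels and sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)
SUBRESOURCES = {"script", "img", "iframe", "source", "embed", "audio", "video"}

class HttpRefAudit(HTMLParser):
    """Collect http:// references left in markup after the move to HTTPS."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings = site_host.lower(), []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = a.get("href") or a.get("src") or ""
        rel = a.get("rel", "").lower()
        if not url.lower().startswith("http://"):
            return
        if tag == "link" and "canonical" in rel:
            self.findings.append(("canonical", url))        # step 8
        elif tag == "a" and urlsplit(url).hostname == self.site_host:
            self.findings.append(("internal-link", url))    # step 4
        elif tag in SUBRESOURCES or (tag == "link" and "stylesheet" in rel):
            self.findings.append(("mixed-content", url))    # steps 5 and 6

def audit(html, site_host):
    """Findings from tag attributes first, then CSS url() references (step 5)."""
    parser = HttpRefAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings + [("mixed-content", u) for u in CSS_URL.findall(html)]

def redirect_verdict(status, location):
    """Classify the answer to a plain-http request (step 12: 301 is wanted)."""
    if status // 100 != 3 or not (location or "").startswith("https://"):
        return "no-https-redirect"
    return "permanent" if status in (301, 308) else "temporary"

# Constructed sample page; shop.example.com stands in for the store's domain.
SAMPLE_PAGE = """<link rel="canonical" href="http://shop.example.com/widgets">
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<style>body { background: url('http://shop.example.com/img/bg.png'); }</style>
<script src="//cdn.example.net/lib.js"></script>
<a href="http://shop.example.com/cart">Cart</a> <a href="/checkout">Checkout</a>
<a href="http://other.example.org/">Partner</a>
<img src="http://shop.example.com/img/logo.png">"""

if __name__ == "__main__":
    print(*audit(SAMPLE_PAGE, "shop.example.com"), sep="\n")
```

Links to other sites and protocol-relative references are deliberately not reported; a stylesheet file can be passed to `audit` as well, since the CSS pass runs over the raw text.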
Re: Using SSL over full site (not just on checkout)
Good info. Appreciate you taking the time to help anyone else with the same issue.
Thanks Larry!
Thank you for choosing AbleCommerce!
http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support
Re: Using SSL over full site (not just on checkout)
Very useful information, thanks laramp!
Re: Using SSL over full site (not just on checkout)
You are welcome.... One more thing.... If you have URL forwarding at the domain registrar in your DNS settings... make sure you change that to https too!
Re: Using SSL over full site (not just on checkout)
Thank you for the info! Over the next few years Google is probably going to be looking to have everyone use HTTPS all of the time. Especially with all of the hacking going on lately.
http://googlewebmastercentral.blogspot. ... ignal.html
Ryan A.
Scott's Bait and Tackle
http://store.scottsbt.com
Work In Progress
Able Gold R10
Bootstrap 3.3
Re: Using SSL over full site (not just on checkout)
You are right. They said over time that may be one of their factors in page / site rank. Good to get a jump on it. Check your server to make sure it is also protected and using TLS v1.1 and v1.2.
Ssllabs.com can test it for free... Here are their recommendations:
https://www.ssllabs.com/downloads/SSL_T ... ctices.pdf
Re: Using SSL over full site (not just on checkout)
mazhar wrote:
> I think you will have to specify the secure path in the App_data/ssl.config file. Try adding the root directory to the secure pages, like this:
> Code: Select all
> <directory path="/" />
I want to try using SSL on the whole site as well. If I change my ssl.config from this:
Code: Select all
<directory path="api" />
<directory path="admin" />
<directory path="app_themes" state="Ignore" />
<directory path="assets" state="Ignore" />
<directory path="checkout" />
<directory path="members" />
<directory path="mobile/checkout" />
<directory path="mobile/members" />
<directory path="scripts" state="Ignore" />
<directory path="webcharts" state="Ignore" />
<file path="login.aspx" />
<file path="mobile/login.aspx" />
<file path="members/mywishlist.aspx" state="Ignore"/>
<file path="passwordhelp.aspx" />
Code: Select all
<directory path="/" recurse="true" />
EDIT: I should have mentioned that it works correctly with the individual directories and files I had originally; those directories (including subdirectories) and files use SSL. The "SSL Enabled" setting is checked.
Jay
Re: Using SSL over full site (not just on checkout)
It seems like the suggestion I gave is not working in Gold. Can you try the solution posted by laramp?
Re: Using SSL over full site (not just on checkout)
mazhar wrote:
> It seems like the suggestion I gave is not working in Gold. Can you try the solution posted by laramp?
That solution works, but using ssl.config sure would be easier. Is there any source code change I could do to make it work? I looked around in the code some, but I wasn't able to find anything that looked like it was parsing the ssl.config file.
Jay
Re: Using SSL over full site (not just on checkout)
We've logged a feature request to see if we can add this to our next release without too much trouble. I believe the SSL code might be in the licensing module, because there is a separate licensed domain field if you have a different domain for your SSL certificate.
Thank you for choosing AbleCommerce!
http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support
Re: Using SSL over full site (not just on checkout)
Thanks Katie, that's what I was guessing. Assuming it is in the licensing module, and you do change it so "/" works in ssl.config, would we have to upgrade the whole site to R11, or could we just use the new licensing module with R5? We have a heavily modified members-only site, and upgrading would be a significant task. (I've been keeping an eye on the release notes, and so far I've been able to implement the few security-related fixes I've seen mentioned that apply to features we are using by copying the appropriate web and source code from the respective release).
Jay
Re: Using SSL over full site (not just on checkout)
I'm not sure as of yet. In the request that was opened, we're going to investigate why the ssl.config isn't working the way it did in version 7. Any changes that are made in the licensing module would not be backwards compatible. This is the code that looks at versions and subscription dates, etc.
Thank you for choosing AbleCommerce!
http://help.ablecommerce.com - product support
http://wiki.ablecommerce.com - developer support
Re: Using SSL over full site (not just on checkout)
OK, I'll just wait to see what happens with the next release then. If it ends up being a licensing module change, we'll just have to use the solution above, or "bite the bullet" and upgrade.
Jay