Top 5 Magento SSL Problems and How To Resolve Them

The Secure Socket Layer, or “SSL”, is vital to any online store owner’s website, as it ensures that your customers’ private information is passed securely between their browsers and your web servers. Having an SSL installed tells your customers that it’s safe to shop with you, and that their banking information has a minimal chance […]

By Alyssa Schaad

The Secure Socket Layer, or “SSL”, is vital to any online store owner’s website, as it ensures that your customers’ private information is passed securely between their browsers and your web servers. Having an SSL installed tells your customers that it’s safe to shop with you, and that their banking information has a minimal chance of being stolen or fraudulently obtained. Many payment services, such as Authorize.net, won’t even let you use them unless your website has an SSL installed, so having it is a necessity for any Magento eCommerce website.

We have worked on quite a few  Magento websites and have grappled with installing an SSL on numerous occasions. It’s an easy thing to install incorrectly, and the result is that your payments will not go through appropriately, an error message informing your customers that your site is not secure, or you may see a broken padlock at the top of your screen.  If you’re trying to work with your SSL, and have noticed that little green padlock still isn’t showing up your browser’s address bar, here are a few steps you can take to combat it:

Check that SSL is installed correctly

This isn’t that much of an issue if your host or provider have provided and installed this for you. If you’ve tried literally everything else and you’re still stuck, they’re probably the best people to contact. Sometimes, the SSL (or its Certificate Signing Request, or “CSR”, which is encrypted text that holds information about your website) just has to be regenerated to fix it.
If you’ve got your own server set up, then check that the SSL is installed following the proper steps according to the type of web server you have. These vary between Apache, IIS, etc.

Make sure your Secure URL is set

If you find that your SSL has been installed correctly, but it still isn’t loading, it’s possible that it isn’t set to work in Magento’s backend.
Head over to Admin > System > Configuration > General > Web and check that your Secure Base URL is set to include “https://”, NOT “http://”, the key difference being the ‘s’ (which actually stands for secure).
Often, during development, this setting is set to http:// since setting a site without SSL to direct to https:// gives most browsers a red flag and might even prevent a user from accessing the site.  If you’re working on a development site that’s going to be turned into a live site, double check this before launching.

Don’t forget to tell Magento to use Secure URLs in the Frontend and the Backend!

A lot of times, it’s the tiniest settings in Magento that cause something not to work.  This is one of them.  Just make sure that, under the Secure URL tab in Admin > System > Configuration > General > Web , that “Use Secure URLs in Frontend” is set to “Yes”.   While it isn’t necessarily a requirement, I recommend that you set your backend it to “Yes” as well, because there are a lot of scenarios that can occur where you have to place an order through the backend. Plus, it doesn’t hurt to have all your bases covered.

Is the SSL certificate set to include www?

SSL Certificates, when purchased, can be bought with the site including ‘www’ or without it.  If you purchased it without ‘www’, you MUST set your Magento URLs to the URL matching the certificate.

For example, let’s say you’ve set your Magento installation’s Secure Base URL and Base URL to www.mycoolwebstore.com and you purchased SSL for it.  And let’s also say that when you went to purchase your SSL certificate, you specified that your site is mycoolwebstore.com. When that certificate is generated, and you find that your SSL is isn’t loading or you’re getting validity errors, one of the likely problems is that ‘www’.
A great preventative measure is purchasing an SSL certificate that allows for both ‘www’ and without. If you find that you’ve already purchased one and not the other, you can edit the .htaccess file to redirect any potential wrong-URL-wanderers to use the correct one.

Check for any insecure links on your page

This one is one of the biggest issues I’ve seen when it comes to a broken padlock.  Resources like images, javascript, and others can cause a padlock to break.  This is usually due to the resource being hardcoded with https:// or without it at all.  Fixing this can get very time consuming, because you have to go through all the insecure code and correct it.  This can involve editing an extension’s XML files to ensure that fonts are loading through https, editing CSS files to be sure any images are loading through https, and going through any CMS Pages or Static Blocks in the Magento Admin.

Some tools to help you identify any wayward resources are Chrome’s Developer Tools and Firefox Firebug.  Checking the ‘Network’ tabs and reloading the page will tell you what is being loaded through http.
I also like to use whynopadlock.com which will list every problematic resource out for you.

If you know of another Magento SSL issue that you solved in the past, please don’t hesitate to comment below.

Support Operations Manager