Enabling Store-Front SSL Security
From Spiffy Stores Knowledge Base
An SSL certificate is used to encrypt and secure a web site, and you'll find an SSL certificate is used to provide an https:// session for your web browser when you go to the checkout pages of your Spiffy Store.
When your web browser session is using an https:// session on a page, then all of the data on that page is encrypted, and nobody can read or intercept the data except the web site that you are connecting to. This ensures that your personal and financial details are safe and secure.
Contents
Securing the Internet
As the Internet grows and expands, it's important for us all to take care to keep our personal information safe. At Spiffy Stores, we've always put a high priority on security, and we're happy to be able to now provide free SSL certificates for all domain names on all Spiffy Stores.
We believe that it's now incredibly important to provide a safe and secure environment for both you and your customers, and we're helping with that by enabling you to use a free SSL certificate to secure and encrypt all of your Spiffy Stores pages as well as the checkout pages which were already secure.
Once you enable Store-Front SSL, your customers will see all of your store's pages displayed with a secure padlock icon on the web browser. This will give customers greater confidence in being able to make purchases from your store.
Getting some help from Google
We're not the only ones who know that security is important.
Google has already announced that you will get better SEO results if you encrypt your store with an SSL certificate.
So, at the end of the day, it looks like there's really no reason not to encrypt.
You'll have customers who are happy to buy your products because they can see that you take their security seriously, and you'll have a helping hand from Google as well.
The steps you need to take to encrypt
It's a pretty simple process to enable your SSL certificates. Simply go to the Preferences -> DNS & domains page in your store's admin.
There you'll see a list of the custom domain names that you've added to your store. Next to each domain name, you may see a note that an SSL Certificate is available for the domain name. This means that a certificate has already been acquired for that domain name and that it's ready to be enabled.
Don't worry if all your domain names don't yet have certificates. Once you enable Store-Front SSL, we'll try to request certificates for the remaining domain names.
Under the Enable Store-Front SSL Security heading, you'll find a checkbox that you can use to enable SSL for your store. Just click on the checkbox, and we'll start the process of requesting any missing certificates and switching your store to https:// mode.
What happens if something goes wrong
It's possible that we're not able to enable SSL for your store in some cases.
In order to have Store-Front SSL enabled, all of your domain names must be active and delegated or configured to point to your store. If you have a domain name configured that doesn't connect your web browser to your store, then it is not possible to request an SSL certificate for that domain name.
If you've only just purchased a new domain name, the delegation process may not have been fully completed, and in this circumstance, you'd need to wait up to 24 hours before trying again to enable Store-Front SSL.
A few things to check
Use relative links
When a page is displayed in https:// mode, you may see a warning in your browser that the page is not secure because it contains data from a non-secure source. Usually this means that you have imbedded images or javascript from another site using standard non-secure http:// links.
You will need to ensure that you don't have any hard-coded http:// references on any of your store pages to avoid this sort of error. Usually you can avoid this problem by coding relative links to your included data.
For example, change
http://external.site.com/images/sample.jpg to //external.site.com/images/sample.jpg
For links to your own store
http://mystore.spiffystores.com/sites/9999/products/999999_sample_large.jpg to /sites/9999/products/999999_sample_large.jpg
Update Google Search Console
Add an https:// version of your store and your sitemap to your Google Search Console account.
Google treats http:// and https:// versions of your store as different properties, so you need to create a new one for your SSL encrypted site.
You'll find further information about using Google Search Console in the article "How to verify your site in Google Search Console".
SEO Considerations
When you enable Store-Front SSL for your Spiffy Store, we take care of all the redirects from the non-SSL versions of your pages to the new, encrypted versions.
As far as Google is concerned, it knows that you are now permanently redirecting your old http:// pages to the secure versions and will update its indexes appropriately, so there shouldn't be any negative impact to your search ranking.
Is your store showing as not secure?
If you have this issue, please go to the Preferences -> DNS & domains page in your store's admin and enable SSL. If it's already enabled, disable it, wait a couple of minutes, and then re-enable it.