How do I enable HTTPS for Magento?

Overview

Enabling HTTPS for Magento is a critical security step that encrypts data between your store and customers, protecting sensitive information like login credentials and payment details. At HostingDuty, we see this as a baseline requirement for any production Magento deployment.

Prerequisites

Before configuring Magento, you need a valid SSL certificate. You can obtain one from a Certificate Authority (CA) or use Let's Encrypt for free certificates. The certificate must be installed on your web server before Magento can use it.

Web Server Configuration

Your web server must be configured to serve content over HTTPS and redirect all HTTP traffic to HTTPS. For Apache, this typically involves enabling the mod_ssl module and configuring a virtual host. For Nginx, you configure the listen 443 ssl directive and point to your certificate files.

Magento Configuration

Once the web server is ready, you must update Magento to recognize the secure connection. This involves setting the base URLs for both the admin and storefront to use https://. You can do this via the Magento admin panel under Stores > Configuration > General > Web, or directly in the database by updating the core_config_data table.

Additionally, you must enable secure cookies and force secure links. This ensures that session cookies are only transmitted over HTTPS and that all internal links use the secure protocol. Refer to our guide on configuring SSL and security for detailed steps.

Verification

After making changes, verify that your store loads over HTTPS and that there are no mixed content warnings. Use tools like SSL Labs' SSL Test to validate your certificate configuration. You can also check your browser's address bar for the padlock icon.

Security Best Practices

Beyond enabling HTTPS, implement additional security measures like two-factor authentication (2FA) and reCAPTCHA. These features help protect your store from automated attacks and unauthorized access. Learn more about Magento security best practices in our knowledge base.

Related Resources

For more information on Magento security, see our comparison of Magento vs WooCommerce security and our SSL glossary entry. You can also read the official Magento documentation on SSL configuration for authoritative guidance.