Q: How to I get OpenCart to use my existing SSL certificate?
A:
PLEASE NOTE, AT THIS TIME "SHARED SSL" CERTIFICATES WILL NOT WORK WITH OPENCART.
YOU MUST HAVE YOUR OWN PRIVATE ONE. YOU CAN GET THEM CHEAP FROM GODADDY.COM (ranging $10-$25 USD)
Cheap SSL certificates are more than enough for smaller stores. The only time you'd need something more expensive is if you ran a store like yahoo or amazon that offered multistores and the ability to save credit card details, etc to your site. For 95% of stores, a cheap ssl is more than enough.
Understanding SSL Certificates:
SSL Certificates are at the domain level. They are transparent to the type of software you use.
As long as the software used supports SSL, then it doesn't matter what type of SSL or when you got it, so long as it is valid.
OpenCart fully supports SSL during checkout and account based pages.
It automatically switches to "https://" during checkout and account pages
But stays in normal "http://" mode when browsing generic pages like products and information
How to enable SSL in OpenCart.
1. Admin->System->Setting->Server Tab
Use SSL: True
2. a) EDIT: config.php
b) FIND (Note this is the HTTPS section, not the HTTP section):
Code: Select all
// HTTPS
define('HTTPS_SERVER', 'http://yoursite.com/');
define('HTTPS_IMAGE', 'http://yoursite.com/image/');
3. If you want the admin area to be secured as well, make the same change in the admin/config.php file
That's it!
Try your store and check the account or checkout pages for it to switch to "https//" mode.
Troubleshooting
If you are getting a broken padlock, or a red strike out over the https or popup about mixed content, or any other sign of broken https.. Go to http://whynopadlock.com and enter the url of the secure section of your site.
It will tell you what is wrong.
Usual suspects:
- Your ssl certificate is set for https://www.yoursite.com, but you are using http://yoursite.com or vice versa. The "www" part is important.
- You've got an image defined by full absolute path from your http or an external http site
- You've got an external javascript you are calling by "http://" somewhere. Change that url to just "//" and it should autoswitch to https mode when needed (assuming you are using google apis or some external site that supports https)