Magento SSL Validation

Magento SSL Validation

Posted on by

Cross browser inconsistencies

Different browsers handle security in different ways. If you’ve obtained and installed an SSL certificate on your Magento website – more than likely you have a few pieces to clean-up before the https:// secure URL will add credibility to your eCommerce site. If there are any security risks (non-encrypted resources) on the page – Chrome will even cross-out the https:// within your URL.
Even worse, this is the description of the above display at Chrome Support is: The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

Resolving SSL Issues with Magento

Obviously the whole point of the SSL certificate is to exude reliability and legitimacy – so displaying a broken certificate can sometimes be worse than having none at all.
The primary reason any 3rd party signed certificate is rendered ‘invalid’ is there are http:// references within the source of the page. There are several places to modify Magento’s theme templates to eliminate all references.

1. Go through any static blocks, widgets, or content sections of CMS Pages and either modify absolute links to relative*, ie http://www.yourdomain.com/images/logo.jpg changes to /images/logo.jpg.

2. In /app/design/frontend/yourtheme/template/page/html/ modify footer.phtml, header.phtml, and head.html to change any absolute references to relative references*.

3. In each of the page templates used, located in /app/design/frontend/yourtheme/template/page/ or /app/design/frontend/base/template/page/ all of the references need to be updated. Even references to the doctype and meta information need to be set to https:// references.

If the resource is not located on the same hosting server, use an absolute path starting with https://, if the remote hosting server isn’t secure – you’ll need to download the resource and host it or you’re out of luck.

This entry was posted in Articles, eCommerce Strategy, Resources, Web Development by atomni. Bookmark the permalink.

About atomni

atomni is a hybrid web marketing agency and web solutions firm in Philadelphia, PA

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>