How to Install SSL Certificate in Magento 2?

Introduction

Enabling an SSL Certificate in Magento stores secures customer data during transactions. This guide covers installing an SSL certificate in Magento and enhancing site security.

If manual installation seems complex, Magento hosting services can assist with the setup. Managed hosting is recommended for Magento stores as experts handle server security and provide round-the-clock support.

Let’s explore SSL certificates and their installation in Magento 2.

What is an SSL certificate?

An SSL certificate encrypts data between a user’s browser and a Magento store, ensuring secure transactions. This shift from HTTP to HTTPS protects sensitive information and boosts customer trust, essential for Magento security and credibility.

How to install and enable an SSL certificate in Magento?

1. Prepare for Installation

Before we install the SSL certificate, check the prerequisites.

• Ensure budget availability for the SSL certificate.
• Confirm ownership of a registered domain name.
• Check the readiness of your web server (Apache HTTP or Nginx).
• Decide on the Certificate Authority (CA) and SSL certificate type.

2. Generate CSR and Private Key

• If you are using an Apache HTTP or Nginx web server, use OpenSSL to create your private key and Certificate Signing Request (CSR)
• Store these files in your home directory:

cd ~

• Generate a private key named, for example, malware.expert.key, along with a CSR named malware.expert.csr:

openssl req -newkey rsa:2048 -nodes -keyout malware.expert.key -out malware.expert.csr

• Provide accurate details as needed for OV or EV certificates.
• This process generates a .key (private key) and .csr (Certificate Signing Request) file.

Keep the .key file secure, and send the .csr file to the Certificate Authority (CA) to request your SSL certificate.

• To view the CSR content, use this command, replacing the filename with your chosen one:

cat yourdomain.com.csr

3. Purchase SSL Certificate

• Pick a Certificate Authority (CA) such as GoDaddy or Namecheap.
• Choose the suitable SSL certificate type and plan.
• Decide on the certificate’s validity duration.
• Add the certificate to your cart.
• Finish the purchase and registration process.

4. Request and Verify Certificate

• Locate the SSL certificate you just purchased and click on the Setup button.
• If you haven’t previously used GoDaddy for SSL certificates, you’ll need to set up the SSL Certificates product.
• Depending on your certificate type, follow the instructions on the official GoDaddy page to request the certificate.
• Once the SSL Certificates Product is added to your GoDaddy account, you will see the New Certificate option and a Launch button.
• Click the Launch button next to your new certificate.
• Paste your CSR into the provided box. The default SHA-2 algorithm will be used.
• Use the Request Certificate button for your chosen certificate.
• Ensure domain control.
• GoDaddy will email domain ownership verification to your domain’s WHOIS record address.
• Follow the email’s instructions to authorize the certificate issuance.

5. Download and Prepare Certificate

• After certificate verification, you will receive an email confirming the issuance of your SSL certificate.
• Open the email and follow the provided steps to download your SSL certificate.
• In the GoDaddy control panel, click the Download button.
• Access the Server type dropdown menu and choose your server software (e.g., Apache HTTP or NGINX).
• Click Download Zip File and then extract the contents of the ZIP archive.
• You will find two `.crt files` in the archive: the SSL certificate with a random name and the GoDaddy intermediate certificate bundle (gd_bundle-g2-1.crt).
• Copy both of these files to your web server.
• Rename the SSL certificate to match your domain name with a .crt extension (e.g., malware.expert.crt).
• Rename the intermediate certificate bundle to intermediate.crt.
• Your certificate is now prepared for installation on your web server.

6. Install SSL Certificate on Web Server

• Add SSL-related lines to your web server to install the SSL certificate on your web server software configuration. We’ll demonstrate the process with basic NGINX configurations on Ubuntu 14.04.
• Ensure you have the following files and settings:
• Private key: malware.expert.key
• SSL certificate: malware.expert.crt
• CA’s intermediate certificate(s) in a home directory at /home/user, stored in a file called intermediate.crt
• If a firewall is active, make sure it permits port 443 (HTTPS).
• If your CA provides an intermediate certificate, create a single chained certificate file that includes both your certificate and the CA’s intermediate certificates.

These files should be in your home directory:

   cd ~
   cat malware.expert.crt intermediate.crt > malware.expert.chained.crt

• Navigate to the NGINX server block configuration directory, typically located at /etc/nginx/sites-enabled:

   cd /etc/nginx/sites-enabled

• Add SSL to your default server block file and open it for editing:

   sudo vi default

• Find and modify the listen directive to enable SSL:

   listen 443 ssl;

• Confirm that the server_name directive matches your certificate’s Common Name (CN).
• Include the ssl_certificate and ssl_certificate_key directives to specify the paths of your certificate and private key files.
• Replace the example parts with your actual file paths:

   server_name malware.expert;
   ssl_certificate /home/user/malware.expert.chained.crt;
   ssl_certificate_key /home/user/malware.expert.key;

• To ensure secure SSL protocols and ciphers, add the following lines:

   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

• Optional: If you want to redirect HTTP traffic to HTTPS, add an additional server block at the top of the file, replacing the example parts with your information:

    server {
        listen 80;
        server_name malware.expert;
        rewrite ^/(.*) https://malware.expert/$1 permanent;
    }

• To apply the new configuration and enable TLS/SSL over HTTPS, restart NGINX:

    sudo service nginx restart

7. Enable SSL in Magento 2

• From the Magento Admin panel, navigate to Stores > Configuration.
• In the General tab, click Web to access the Settings page.
• Under Base URLs (Secure), expand the section.
• Update the Secure Base URL option to use HTTPS.
• Set Use Secure URLs on Storefront and Use Secure URLs in Admin to Yes in the respective drop-down menus. It ensures secure URLs are displayed on the front end and in the Admin.
• Click the Save Config button.
• After clearing the Magento cache, your storefront will reflect the SSL updates.

8. Final Check

• Ensure your Magento site is accessible using HTTPS.
• Check for the secure padlock symbol in the browser’s address bar.

Summary

Following these steps, you can install an SSL certificate in Magento 2. It secures your site and boosts customer trust, creating a safer online shopping experience.

Leading Magento hosting providers like MGT Commerce fully managed cloud hosting for Magento. These include 24/7 support and handling security tasks like SSL installation, firewalls, PCI compliance, and DDoS protection. It ensures high performance and robust Magento security, overseen by AWS experts.

The post How to Install SSL Certificate in Magento 2? appeared first on Malware Expert.