Once the SSL certificate is activated on the server do the following.
In the Backend of Magento:
- System | Web | Unsecure | Base URL | change to https://www.example.com/
- System | Web | Secure | Base URL | change to https://www.example.com/
(obviously change example.com to your domain name)
And here are the .htaccess tweaks:
Add this code:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Below this line:
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
So that you get this:
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Also so that you get proper redirection of the non www versions to the https://www. versions of the pages (rather than just to the homepage) add this code to the top of the .htaccess file:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
This is the basic setup, there are many complications, if you have any questions please ask and I’ll try and help.
If for whatever reason the above doesn’t work and your site is inaccessible, undo the .htaccess modifications – and to undo the backend modification go into your databse via PHPmyadmin and change the https entries to http in the correct table: core_config_data
Fishpig / Wordpress / Subdomain Modifications
Further, if you are using the FishPig wordpress plugin for your blog in magento, you’ll need to do some more mods – this is assuming that you are using the blog on a subdomain which will need it’s own SSL certificate:
- Firstly backup you wordpress database.
- In the backend of Worpdress install the Search & Replace plugin and use it to automatically change all: http://blog.example.com to https://blog.example.com
- Change the WordPress Address (URL) & Site Address (URL) to the https versions by adding the following lines to your wp-config.php file:
define(‘WP_SITEURL’, ‘https://blog.example.com’);
define(‘WP_HOME’,’https://www.example.com/blog’);
The reason I do it in here is that it is easy to undo if you need to… obviously change example.com to your domain name, and blog to whatever your blog subdomain / directory is.
- In the wordpress .htaccess file add the following (this will force the https – if you don’t uses this I have seen intermittant issues with images not showing):
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
