Set up SSL certificate in the shop

SSL / TLS

SSL / TLS are general terms for a network protocol for the secure transmission of data. TLS is the successor to SSL. If you secure the connections to the shop with SSL / TLS, the data between the shop and the connected user are transmitted in encrypted form and thus offer far less scope for attack than an unencrypted connection.

You can decide for yourself which technology you should use, but the current browsers already give various recommendations here, for example, SHA-1 algorithms should no longer be used from 2017, as they are no longer classified as secure. In principle, however, it is advisable to use current technologies such as: TLS 1.2 with SHA-2 algorithm. Which certificate you use is completely irrelevant for Shopware, the main thing is that it is technically correct and installed.

Activate SSL

Once the certificate was installed, you have to activate SSL in Shopware, how that works, you can see here.

Just open the shop settings in "Configuration > Basic settings > Shop settings > Shops" and choose the desired shop, which should get SSL activated. Activate the option SSL support (1) to secure all frontend connections. If you encrypt security related places only, if may happen, that additional content like images were loaded unencrypted, some browsers classify this as mixed content, which may be a problem. So it makes sense to secure all connections to avoid this problem. 

Redirect all requests

On simples cases, you might just want to redirect all HTTP requests to the equivalent HTTPS route. In these cases, you can use the following generic rule in the htaccessfile wich you can find in the mainfolder of your shop:


RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Example:

  • http://foo.example.com -> https://foo.example.com
  • http://bar.example.com -> https://bar.example.com

Redirect all subdomains


RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://secure.example.com%{REQUEST_URI} [L,R=301] 

Example:

  • http://foo.example.com -> https://secure.example.com
  • http://bar.example.com -> https://secure.example.com

Source domain specific

Should your shop require a more specific approach, you can also use a per domain approach. The following example show how you can redirect all unsecure requests to http://unsercure-domain.com to https://secure-domain.com


RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} (www\.)?unsecure-domain\.com [NC]
RewriteRule ^(.*)$ https://secure-domain\.com%{REQUEST_URI} [R=301,L]

Was this article helpful?