Site Wide Ssl (Https)

[DARKF3D3]

I just bought an SSL certificate and I want to enable it site wide.

 

Enable SSl can cause any problems on the website o I can simply enable it without worry?

 

In case of problem I can easily deactivate it and come back to the previous situation?

[bellini13]

Well first thing you should do is install the certificate on your website, and confirm that it is working properly outside of Prestashop.

 

After the SSL certificate is installed on your server, create a simple test.html file on your server, and then try to view that test.html page using HTTPS and confirm it works properly, and that you do not receive any warnings.  Have your hosting provider assist you with this

 

Once you confirm the certificate is installed and working, then simply go in your back office and enable SSL.  If things do not work, you can always disable SSL in Prestashop

[DARKF3D3]

Ok, just tested and SSL seem working correctly, but the setting into B.O. to enable SSL enable it only for some page and not all.

There's no way to enable SSl on all the website pages?

[tdr170]

What version of Prestashop are you using, on the Preferences page after you enable SSL and save another option will appear to enable SSL on all pages.

[bellini13]

The "Force SSL" option only exists on more recent versions of Prestashop.  You likely do not have this option, which would require you to make some core code changes to force it

[DARKF3D3]

1.6.0.9

Yes, you're right I didn't notice that after SSL enabled a new setting appear.

 

Now I'm trying solving various problem of resorce called with http insead of https.

 

 

The first it's with the "Block search module"

<form method="get" action="{$link->getPageLink('search', true)|escape:'html'}" id="searchbox">

 

This code apparently generate an http link:

{$link->getPageLink('search', true)|escape:'html'}

 

Do you know I can load it with https?

Edited March 3, 2016 by DARKF3D3 (see edit history)

[bellini13]

{$link->getPageLink('search', true)|escape:'html'}

that is the correct code for using HTTPS. 

[DARKF3D3]

Ok, after searching on the forum i found a solution.

I changed:

{$link->getPageLink('search')|escape:'html'}

To:

{$link->getPageLink('search', true)|escape:'html'} 

I don't know exactly what the true does but seem working.

[bellini13]

true means to use https, but only if SSL is enabled in the back office. 

[DARKF3D3]

Thank you,

so it doesn't create any problems if I disable SSL?

[Grzesiek2342]

There's no way to enable SSl on all the website pages?

[DARKF3D3]

Depends on the PS version. Look at the post #4

 

On PS1.6.0.9 it's possible to enable it site wide.

[Grzesiek2342]

Depends on the PS version. Look at the post #4

 

On PS1.6.0.9 it's possible to enable it site wide.

Thanks @Darkf3d3 I missed that.

Edited March 4, 2016 by Grzesiek2342 (see edit history)

[bellini13]

Thank you,

so it doesn't create any problems if I disable SSL?

if you disable SSL, then true is ignored and you get HTTP urls

[DARKF3D3]

I just notice another little problem.

Actually on my website SSL working well on almost the page, but not the page like product page, cms or similar where I addedd manually some inages into the content using a code like this:

<img src="http://www.mywebsite.it/img/photo.jpg" />

 

Which code I should use that it's compatible with http and also https?

 

If I change it to:

<img src="https://www.mywebsite.it/img/photo.jpg" />

And I disable the SSl one the website the images stop working?

[bellini13]

This would be the correct way to manually add an image using HTTPS

<img src="https://www.mywebsite.it/img/photo.jpg" />

The question is, why are you disabling SSL?

[DARKF3D3]

I don't know if I will disable SSL, I enable it from about few days, and I'm still testing. I want to see if it doesn't create any problem, like vistits or page per view decrease because slower or some other problems. So I'm wondering if there's a way to insert and image to mage it compatible with http and also https.

 

If i modify all the url to <img src="https://www.mywebsite.it/img/photo.jpg" /> and then disable the SSL the images works correcly?

 

I found this post about relative url: http://www.paulirish.com/2010/the-protocol-relative-url/

 

[tdr170]

Try using a path like this   <img src="/img/photo.jpg" />   this is how I always add images and no issues with https and content delivery.

Depending on the directory of the file you are entering this code it may need to be"../img or ../../img you will need to test.

[DARKF3D3]

Thank you, the starting point to choose the correct forlder it's from the theme folder?

 

For example if If I have to show an image into the main forder of the website, i should use '../../my-image.png'?

[Mister Denial]

I want to see if it doesn't create any problem, like vistits or page per view decrease because slower or some other problems.

 

So, what's your feedback on this? Any problems with website slower with https?

[Bill Dalton]

I use full SSL, some nice stuff on it here, https://www.maxcdn.com/blog/ssl-performance-myth/

[Mister Denial]

I use full SSL, some nice stuff on it here, https://www.maxcdn.com/blog/ssl-performance-myth/

 

Has there been any noticeable impact on your website performance. I am currently on a powerful VPS, but still had to use the Page Cache module to get the TTFB down from 800-1200Ms to a more reasonable 200-400ms.

 

And I am worried full SSL might considerably slow down the website, with 65-80 elements loading on page.

[Bill Dalton]

Not on my dedicated server Intel I5 with 32G RAM, Samsung SSD 850 EVO 1TB

 

SSL https://scrubscanada.ca/en/

 

Same server copy of site no SSL http://scrubscanada.ca/testaug/en/

[Bill Dalton]

You can of course do the exact opposite of what I have above, leave your live site alone and create a copy in a sub directory with SSL enabled.

[tdr170]

I always use full site SSL have not really noticed any considerable reduction in load performance.

Any difference is tolerable for the benefit of the customers feeling secure.

[Mister Denial]

Not on my dedicated server Intel I5 with 32G RAM, Samsung SSD 850 EVO 1TB

 

SSL https://scrubscanada.ca/en/

 

Same server copy of site no SSL http://scrubscanada.ca/testaug/en/

 

Hi Bill,

 

thanks for your input. I tested both your sites and ran them through Gtmetrix, in first 2 (of 3) test runs, the SSL clocked in at about 7 seconds and the non-SSL at 4, but on the third run, they were same speed. Funny thing, the SSL site despite being slower has a better speed rating.

 

I think I'll do what you suggested, and set up a test site and run a series of test to compare.Or I can do a live test and have my live website on full SSL for a week, and see how it impacts performance. I assume there is not more to do than to flick the switch on the full-SSL mode in BO? And nothing prevents me from going back, right?

 

@ tdr170 - I think the same, but I am not sure if most customers even notice if the website is in full SSL or not. As long as checkout / payment is in SSL, do they really care about the rest of the site being https? I think I could accept 1 second slower, but if it starts bumping speed up and above the 4-5 seconds mark, it starts getting critical in my opinion.

[Bill Dalton]

The very nature of the Internet is that data packets flow through many different paths. Not only are the packets running on different paths second to second, but even when they hit the same machine the data speed is processed depending on the amount of traffic being processed at that machine at that time. I would argue that it is a complete waste of time to use a third party web site to "attempt" to measure speed. Best just to make a copy of your site and judge for yourself.

 

As for just turning on SSL, I find that depending on your theme or modules you have installed there are usually problems with images and other assets not properly called and make the browser show SSL error messages. That is something you do not want customers to see, so you really need to set up a copy of your web site and test it. 

[Mister Denial]

As for just turning on SSL, I find that depending on your theme or modules you have installed there are usually problems with images and other assets not properly called and make the browser show SSL error messages. That is something you do not want customers to see, so you really need to set up a copy of your web site and test it. 

 

I hadn't thought about that! I remember the search block creating a broken https message on checkout pages because in one of the previous 1.6. versions there was an error in the coding. I'll definitely work with a test version first then!

 

As for speed, I know it's difficult to get an accurate measurement, but to get a rough idea, I usually run 10 tests and use the median value. But yeah, I understand what you're saying.