SSL (Secure Socket Layer) is important to any online store owner’s website: it ensures that your customers’ private information is passed securely between their browsers and your web servers. The SSL certificate installed on your site tells your customers that your site is safe, so they feel more secure when shopping there. Moreover, Google announced that websites with SSL will rank higher on their search engine. There are many reasons why SSL is necessary for every Magento ecommerce website.

In this article, I will show you 5 common Magento SSL issues. If the SSL certificate doesn’t work on your site, read this article first.

Check that SSL is installed correctly

First, make sure that SSL has been installed correctly on your site. Today, most hosts or providers supply and install SSL for you. If you have problems with your site and have tried everything but are still stuck, contacting their support is a good idea.

Sometimes, you just need to regenerate the SSL certificate (or the CSR, the Certificate Signing Request, which is encrypted text that holds information about your website) to fix it. If you set up your own server, install SSL following the proper steps for the type of web server you have (Apache, IIS, etc.).

Make sure your Secure URL is set

If SSL does not work even though it has been installed correctly, go to your Magento backend and make sure that you have turned it on.

In the Admin Panel, go to Admin > System > Configuration > General > Web and check that the Secure Base URL includes “https://”. SSL cannot work if it is set to “http://” (http without the “s”).

Often, this setting is left at http:// during development, because pointing a site without SSL at https:// raises a red flag in most browsers and may prevent a user from accessing the site. Therefore, if your site is still in development, make sure that you double-check this setting before launching the live site.

Don’t forget to tell Magento to use Secure URLs in the Frontend and the Backend

A lot of times, it’s the tiniest settings in Magento that cause something not to work. This is one of them. Just make sure that, under the Secure URL tab in Admin > System > Configuration > General > Web, “Use Secure URLs in Frontend” is set to “Yes”. While it isn’t necessarily a requirement, I recommend that you set the backend option to “Yes” as well, because there are a lot of scenarios where you have to place an order through the backend. Plus, it doesn’t hurt to have all your bases covered.

Is the SSL certificate set to include www?

Normally, SSL certificates can be bought for the site either with ‘www’ or without it. You must set your Magento URLs to the URL matching the certificate that you purchased. For example, you have a website with a domain like and you bought an SSL certificate for it. But you have bought a certificate which specifies that your site is When your certificate is generated, if your SSL isn’t loading or you’re getting validity errors, it is likely a problem with ‘www’.

One solution is to buy an SSL certificate that covers both the ‘www’ and the non-www version, if possible. If you have already purchased one but it’s not the type you need, you can edit the .htaccess file to redirect any potential wrong-URL-wanderers to the correct one.

Check for any insecure links on your page

This is one of the biggest and most common issues that I have seen when it comes to a broken padlock. Resources such as images, JavaScript and others may be the cause of the broken padlock. This happens because the resource URL is often hardcoded with http://, or without it at all.

Fixing this problem can take a lot of time, because you have to go through all the insecure code and correct it. You will need to edit an extension’s XML files to ensure that all resources (fonts, CSS files, images…) are loaded through https.

Some useful tools that can help you identify the wayward resources are Chrome’s Developer Tools and Firefox’s Firebug. Open the ‘Network’ tab and reload the page; it will tell you what is being loaded through http. Then you can catch and fix them.
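
As an added example (not code from the original article), the following Python sketch scans a saved page source for subresources hardcoded to http://, the condition that breaks the padlock. Navigation links such as `<a href>` are ignored because they do not load content into the page. The sample HTML and the shop.example host are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Tags whose URL attribute makes the browser fetch a subresource.
RESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src", "source": "src",
                  "audio": "src", "video": "src", "embed": "src", "object": "data"}
LINK_RELS = {"stylesheet", "icon", "preload"}  # <link> rels that load a file
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.I)

class MixedContentFinder(HTMLParser):
    """Collects (line, tag, url) for subresources hardcoded to http://."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def _flag(self, tag, url):
        if url and url.strip().lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, url.strip()))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in RESOURCE_ATTRS:
            self._flag(tag, a.get(RESOURCE_ATTRS[tag]))
        elif tag == "link" and LINK_RELS & set((a.get("rel") or "").lower().split()):
            self._flag(tag, a.get("href"))
        for url in CSS_URL.findall(a.get("style") or ""):  # inline style="..."
            self._flag(tag, url)
        self._in_style = tag == "style"

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        for url in (CSS_URL.findall(data) if self._in_style else []):  # <style> body
            self._flag("style", url)

def find_insecure_resources(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; shop.example is a placeholder host.
SAMPLE = """<head><link rel="stylesheet" href="http://shop.example/skin/styles.css">
<link rel="canonical" href="http://shop.example/">
<style>.logo { background: url('http://shop.example/media/logo.png'); }</style></head>
<body><a href="http://shop.example/about">About</a>
<script src="https://shop.example/js/prototype.js"></script>
<img src="http://shop.example/media/banner.jpg"></body>"""
```

Calling `find_insecure_resources(SAMPLE)` reports the stylesheet, the CSS background image and the banner image, and skips the canonical link, the anchor and the https script.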