Magento Forum

   
SSL on all pages?? 
 
Shaun E.
Member
 
Total Posts:  65
Joined:  2009-06-24
 

The business executives at my company are wondering why all web pages aren’t showing the “green bar” (EV cert) that they paid so much money for (ie, not all pages are under https :D), and although I tried to explain to them that SSL is only required for pages where some type of sensitive data is being passed (login, checkout, etc), they still want me to make it so that when a visitor lands on our website they will see the “green bar”. 

Is there any reason that we should avoid setting up our unsecure_base_url to be under ssl?  (besides the fact that it causes unneeded load on the webserver)

 
Magento Community Magento Community
Magento Community
Magento Community
 
Sonassi
Sr. Member
 
Avatar
Total Posts:  217
Joined:  2009-05-20
Manchester, UK
 

I’d explain to them that using SSL for all pages is complete insanity . The protocol is substantially slower that HTTP, it will crush SE ranking as Google will be ranking sites by page load speed in 2010.

Your green bar also won’t appear if any of the content isn’t fetched via HTTPS - that also includes dynamic JS requests - so if your template isn’t 100% correct, I’d imagine some content is being grabbed via HTTP rendering the page as insecure and subsequently dropping the “green bar”.

Studies have shown marginal increased conversion via displays of site seals - but with newer browsers offering multiple variants of coloured address bars (blue standard ssl / green extended ssl) - your average user won’t understand the difference. I’d approach a panel of prospective customers and see if they even knew how to verify if the page was secure or not!

Ultimately, there is absolutely nothing to be gained from running the entire store in SSL - but A LOT to lose. You could always test it to show them, make 2 store views and use a simple PHP modulus operand to assign 50% of people to each (with their store session set in a cookie). Then track via google analytics. The resultant conversion data for both stores after around 2 weeks should be proof enough as to which way to proceed.

We’ ll get a wrist slapping for this - but your the developer (I’m assuming!), it is your advice they follow, not the other way around wink

 
Magento Community Magento Community
Magento Community
Magento Community
 
Lain
Jr. Member
 
Avatar
Total Posts:  9
Joined:  2008-05-27
Earth
 

I would have to agree that its crazy to run your entire site under SSL. As you noted it crushes the server, and instead of actually making your customers feel “secure” it will simply piss them off as the site will be so slow they will simply leave in frustration.

My suggestion is that you create a “landing page” that offers a detailed explanation of your security implementations. You could also make a banner that sits atop the customers profile page and on all checkout pages as well to further this effort. I have run a Joomla based ecommerce site for 6 years now and I can assure you that as explained by the last post, the EV cert is actually a waste of money. I had it for one year and it made NO difference at all in sales compared to the 4 years prior...but it sure COST me more and in so doing lowered my profit margins. Some users in older versions of Firefox and in some themes will not even see it at all anyway as noted.

The most important issue is to ensure that when a page is suppose to be encrypted that all images and contact are actually encrypted so that your customers do not get the dreaded......(IE) This page contains non-secure content do you wish to continue message....wish I can tell you from experience will drive customers away in droves. The issue can be dealt with by ensuring that you do not cache SSL pages, which is a bad idea anyway.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Alicia Keys
Jr. Member
 
Total Posts:  7
Joined:  2010-03-07
 

@Sonasi , I really don’t agree with your statement that “Green bar doesn’t help much but lead to lose more”. If you’re an online seller and having store your customers trust is must as well as installing EV SSL help them to understand data is being transferred over the web is secured, It doesn’t matter what brand of ev ssl. Contact the support staff of respecting ev ssl provider to help you out in this case, if problem has been already solved than post what was the actual reason behind it.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Turnkeye
Enthusiast
 
Avatar
Total Posts:  908
Joined:  2008-12-20
URL: turnkeye.com
 

It is not good when all pages are under https (e.g. for SEO)

If they want to show that the site is secure, add beautiful SSL label/badge everywhere smile

 
Magento Community Magento Community
Magento Community
Magento Community
 
MagePsycho
Mentor
 
Avatar
Total Posts:  1702
Joined:  2009-06-23
 

Hi

I have green EV image on the side of the address bar while loading the secure https page, but once the page is loaded that green bar is gone.

Can anybody tell us why is this happening?

Thanks in advance for the valueable help.

 
Magento Community Magento Community
Magento Community
Magento Community
 
manuel.bago
Jr. Member
 
Avatar
Total Posts:  19
Joined:  2010-11-17
 

Hi community,

Magento I have implemented SSL and it works perfectly.
It is inappropriate to put in all the store Magento SSL (SEO, time, processing, ..)
but my question is ...
if you want to put a page on SSL (type “Contact") Could do? Do you know how?

I think this flexibility with the use of SSL is important.

Thanks and all with Magento is a marvel.

 
Magento Community Magento Community
Magento Community
Magento Community
 
irena
Jr. Member
 
Total Posts:  1
Joined:  2010-11-19
 

There is no need to use SSL on all pages. Consider that when using SSL the pages are not cached, so you loose the power of caching local HTML

 
Magento Community Magento Community
Magento Community
Magento Community
 
pareshshah
Jr. Member
 
Total Posts:  1
Joined:  2011-09-22
 

Thanks for this great share. This site is a fantastic resource. Keep up the great work here at Sprint Connection! Many thanks.

SEO services india

 
Magento Community Magento Community
Magento Community
Magento Community
 
stanleyjgs
Jr. Member
 
Total Posts:  3
Joined:  2011-10-09
 

I don’t think that SSL Needs to be on all the pages.

SJ
http://www.customsoftwarebypreston.com

 
Magento Community Magento Community
Magento Community
Magento Community
 
eUKStan
Jr. Member
 
Total Posts:  8
Joined:  2011-10-12
 

Well, inspite of you offering an explanation if your client still insists on having an SSL for all the pages, you don’t have any option other than do so. If the client encounters issues with indexing and crawling as suggested by others, you may revert it back and cover only the crucial pages of the site. After all we need to follow the principle “Customer is God” wink

 
Magento Community Magento Community
Magento Community
Magento Community
 
martintuner12
Jr. Member
 
Total Posts:  3
Joined:  2011-11-18
 

please refresh and check again you bar.. some where you might click highlight buttons

 
Magento Community Magento Community
Magento Community
Magento Community
 
jmazzella
Jr. Member
 
Total Posts:  29
Joined:  2011-07-21
 

Trying to understand my options and how to implement them....

So if I decided I want the Green or Blue highlighting that EV SSL produces in the browser on every page, how do I configure magento to use HTTPS for all website resources? And If I decided that I only want to us the SSL encription for the payment screens, how do I configure that?

I think a good balance for me is to have the browser display the GREEN EV SSL on only the home page and all payment pages .. IE collection of user information,Credit card info.  How would I do that?

Thank you in advance for time to answer my questions
John

 
Magento Community Magento Community
Magento Community
Magento Community
 
Brynnae
Member
 
Avatar
Total Posts:  36
Joined:  2012-04-17
California
 

SSL is required on eCommerce website.  Say for example if you would ask to enter Credit Card or PIN number of your Debit Card then what you will do? You will definitely not enter your PIN or Credit Card Number reasons why it is not secure, so SSL is required on eCommerce website. 
One more question arise that Do you need SSL on all pages of ecommerce website? The answer is yes, because if they ask for your personal information they you will not provide if it is not secure.

 
Magento Community Magento Community
Magento Community
Magento Community
 
Davis_Joseph
Jr. Member
 
Total Posts:  5
Joined:  2012-05-29
USA
 
MagePsycho - 14 December 2010 07:10 AM

Hi

I have green EV image on the side of the address bar while loading the secure https page, but once the page is loaded that green bar is gone.

Can anybody tell us why is this happening?

Thanks in advance for the valueable help.

Sounds like a server side issue then alright. In firefox you can to tools->page info. Click on the media tab and you’ll see every css, javascript and image loaded by the page. Go through each line and check the following:

- Each line starts with https://
- Each line has a file size
- All hosts have a valid SSL certificate

To be doubly sure you can load each url in a new tab (copy and paste required) to make sure it loads properly under https and isn’t redirected.

EV SSL Certificate is the symbol of the trust - SSLMatrix

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
    Back to top