Running your ECT site entirely with SSL
Step by step guide
Web browsers have changed and as of 2018 it's highly recommended to have your site be served 100% securely, whether it handles any sensitive data or not. Some of the reasoning behind this is given in our video here: https://servelink.com/ssl-certificates (or a three minute read here: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html) We're experts with SSL/TLS and make it pretty simple to achieve, but there are a few suggested steps to convert your site once we've installed and activated your SSL/TLS certificate for you.
1. For recent ECT store versions (cart version 6.6+) log in to your store admin, go to Main Settings and set the Store URL to be the https:// version of your domain name, like https://www.sitename.com/ Users with older cart versions will do something similar, by changing the 'pathtossl' value in the file vsadmin/includes.asp/.php in the same way, although they are recommended to update their software. Whether you use www or not is up to you, both will work, but once you have decided stick with your preferred version everywhere.
2. Visit your site using the https:// URL and navigate your way around including placing a test order. You should see the secure padlock icon in your browser at all times. If not you likely have some issues with http:// links and/or insecure http:// content. This checking stage is important to avoid covering up underlying problems with redirects later.
3. If step 2 was successful, ask us to set a search engine safe 301 redirect from http:// to https:// on the site to force all users to https:// and keep them there. There's no need to mess with code in .htaccess or web.config, this is a simple change we can make for you at configuration level. Have us do a non-www to www (or vice versa) redirect while we're at it. It's important you have only one version of the site and we redirect other versions to the preferred version.
4. If step 2 showed problems with a missing padlock or other warnings, then you are going to need to check for insecure items that are being included in the page. If you need help tracking these down our support crew can help.
5. Users of services such as Google Webmaster Tools, Google Analytics etc will need to create a new site for https:// Google treat http:// and https:// addresses as different pages so you need to be sure they are working with the correct one. Be prepared to take a temporary hit in Google's search results as a result of this process, but you will recover.
6. Forget your old http:// links, you should now use https:// everywhere going forward. Advertising, letterheads, inbound links, the back of your truck, everywhere.
It's a complex subject, but our support crew are here to help you secure your site, so just ask if you need assistance. Don't have an SSL/TLS certificate yet? Then check in here https://servelink.com/clients/index.php?rp=/store/ssl-certificates for more details.