Secure and Unsecure Base URLs
Each website in a Magento installation has a base URL that is assigned to the storefront and to the Admin. If you have a security certificate for your domain, you can configure either, or both base URLs to operate over a securely encrypted SSL channel. Unsecure base URLs begin with “http,” and secure base URLs begin with “https.”
-
Unsecure Base URL
http://www.yourdomain.com/magento/
Secure Base URL
https://www.yourdomain.com/magento/
URL with IP address
http://10.9.220.154/magento/
If Magento was installed before you registered a domain, the base URL might include the IP address of the server. If you don’t yet have security certificate, the store will not be able to switch to secure URLs (https) for transactions that normally take place over the secure socket layer (SSL). These configuration settings can be updated later to reflect the values you need before the store “goes live.”
Important! Do not change the Admin URL from the default in the Base URL configuration. To change the Admin URL or path, see: Using a Custom Admin URL.
To configure the unsecure base URL:
| 1. | On the Admin menu, select System > Configuration. |
| 2. | In the panel on the left, under General, select Web. |
| 3. | Click to expand the Unsecure section. Then, do the following: |
| 4. | Enter the unsecure (http) Base URL for your store. Make sure to end the URL with a forward slash. |
For a typical installation, you do not need to update the paths for the skin, media, and JavaScript files. Be careful not to change the markup tags in the other fields in the section.
| 5. | If you do not plan to use a secure base URL for the Admin, do the following: |
| a. | Click to expand the Secure section. |
| b. | Enter your unsecure (http) Base URL. The URL should be the same in both the Secure and Unsecure sections. |
| 6. | When complete, click the Save Config button. |
To configure the secure base URL:
If your domain has a valid security certificate, you can configure the URLs for either the storefront and Admin—or both—to run over a secure (https) channel.
| 1. | Click to expand the Unsecure section. Then, do the following: |
| a. | To use a secure (https) for the storefront, enter the Base URL, followed by a forward slash. |
Typically, you will not need to update the paths for the skin, media, and JavaScript files. Be careful not to change the markup tags in the other fields in the section.
| b. | If you want to run the entire storefront over a secure (https) channel, set Use Secure URLs in Frontend to “Yes.” |
| c. | If you want to run the entire Admin over a secure (https) channel, set Use Secure URLs in Admin to “Yes.” |
| 2. | When complete, click the Save Config button. |
Troubleshooting
If after following the configuration instructions, some pages continue to be served with the unsecure URL (http://), do the following:
- Change the (unsecure) base URL to the secure (https://) URL.
- On the server, edit the .htaccess file (or load balancer) so the unsecure URL is redirected to the secure URL.
Was this helpful?
A quick rating takes only 3 clicks. Add a comment to help us improve Magento even more.