Using the secure HTTPS protocol/SSL is straightforward as most settings and url’s are automatically adjusted based on the host header. But there are some things that you need to check.
What is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. Most modern web browsers display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect.
The advantages of using HTTPS are
- Customer information is encrypted and cannot be intercepted
- Visitors can verify you are a registered business and that you own the domain
- Customers are more likely to trust and complete purchases from sites that use HTTPS
If your website still uses HTTP and you want to switch to HTTPS, then create a support ticket on xpertise.zendesk.com. We can provide free SSL certificates.
After your website has changed over to HTTPS/SSL
If you use external script in your pages, then you may get warnings and/or error messages if those scripts are loaded with http://. You should change everything that starts with http:// to https://. Or remove the http: part from the URL’s altogether, but leave the two forward slashes. E.g. change http://fonts.google.com to //fonts.google.com. That way the browser will automatically determine the correct protocol to use (HTTP or HTTPS).
In your own website, you should use relative paths whenever possible. For example, instead of http://www.mywebsite.com/siteowner/somedocument.pdf, use /siteowner/somedocument.pdf.
Note that external links to your website may also use url’s starting with http://. Your website will automatically redirect these url’s using the https protocol, but if you are in control of such external links (e.g. in your blog or other websites that you may run), you should change the url’s.
Important
- If you have incoming API connections, you must tell your affiliates to use HTTPS instead of HTTP.
- If you use AddThis (Site configuration, SEO, Metatags, Social, section AddThis social buttons code) then make sure that the code snippet uses HTTPS.
- If you have included external script files or stylesheets in the code editor, then you must load those using HTTPS as well.