A Beginner’s Guide to Shopify SSL: How to do it and Why is it Important

Image by skylarvision from Pixabay

You landed here to know about Shopify SSL, so let’s do a little exercise.

Follow these steps:

  1. Go to your Shopify store in Google Chrome.
  2. Click on View>Developer Tools. This will open a side window on the right of your store. 
  3. Go to the Security tab. 
  4. You will see there if your Shopify store is safe. Is it? It most probably is. 

Not a Chrome user?

On your URL, you will probably find a padlock icon. Is it there? If you click on it, this will open a menu that will tell you that your Certificate is valid. This means that you are good. 

Yes, you could have done this in Google Chrome in the first place, too, but we wanted you to glimpse what your store looks like on the inside. 

Pretty cool, right? Ok, maybe not. 

Our developers in ContraCollective do think it’s neat, though…

So, what are all these whole Shopify SSL things and certificates? Is there anything you need to do on your end? (Hint: If you have hired us, all you need to do is sit down and relax as we are taking care of everything.)  

Let’s explore everything about encrypting your online store to make it more secure for your customers, and, even better, improve SEO. 

(I really don’t want to know about SSL if I’m covered, just take me to the good stuff.

What is an SSL Certificate?

An SSL certificate is a technology that establishes an encrypted link between the browser and the web server. In this way, the data that goes between these two is encrypted and remains private. 

SSL stands for Secure Sockets Layer and this is the small data file that prevents criminals from reading and modifying the information that your customers are sending to Shopify’s server from your website. This information includes names, addresses, phone numbers, and credit card information. 

This layer scrambles all the data that goes from your store (and into it) so that it is impossible for third parties to read it in transit within the connection. 

Hackers are always luring and on the look for unwary human browsers. They would place a listening software on the host’s server. It stays there, just waiting for someone to start filling in a form and writing down sensitive information. The program then sends that info to the hacker.

Pretty scary, huh? Now, you do not want to put your shoppers at that kind of risk. Hence, the importance of binding your browser and server with SSL.  

How do I know if my Store is Secure?

If you are a Shopify client, in general, you are protected. If you want to make sure, these are three ways of quickly finding out.

There is a padlock icon in the URL bar

Perhaps the most visible way to recognize an SSL-protected site is by looking at the padlock icon at the beginning of the address bar. 

URL with https padlock icon

URL with HTTPS padlock icon magnified for clarity.

If the page does not have an SSL certificate, it will read “Not secure” in its place. 

Not secure HTTP URL

Definitely not something you want your shoppers to be faced with first thing entering your store. 

The URL reads “https://” and not “http://”

If you click on the navigation bar of the address bar, the HTTP protocol will show up at the beginning of the URL. This must have an “s” at the beginning to indicate that it is safe. 

SSL certificate on the ContraCollective site

That “s” is significant as it is an indication that any data you enter is safely encrypted and cannot be traced by hackers. 

The SSL certificate is valid

You can also check if the certificate is valid by clicking on the padlock icon. You will find information about the certificate issuer and the expiration date, among other things. 

But wait, the certificate expires? 

Like most things. 

But you need not worry, as Shopify will automatically keep your certificates active for as long as your domain is connected to the Shopify store

Types of SSL Certificates

The SSL certificates are handled by a Certificate Authority (CA), specifically designed to run and grant those certificates. 

SSL certificates provide encryption, validation, and domain number. For encryption and validation certificates, there are three types:

Extended Validation (EV) SSL Certificate

This is the first-class type of certificate. Large eCommerce corporations use it to distinguish their pages from spam sites. It is also expensive, and you need to prove ownership of the domain you are submitting. 

A page with EV SSL Certificates will show the padlock, HTTPS, the business name, and the business country in the address bar. 

At least they did before Chrome and Mozilla stopped displaying that green bar since their studies suggested that it did not make much of a difference in people’s trust. 

Because of this and its high price, this SSL certificate tends to disappear. The fact that top websites don’t even use it seems to be driving the nail further into the EV casket. 

EV was good to build customer trust because that green bar was visible, but now users have to click on the padlock icon to see it. 

Here’s an example of a site that uses EV:

Web page with EV SSL certificate

And one that does not:

Web page withough EV SSL certificate

Organization validated (OV SSL) Certificate

As the name indicates, this validation proves that your domain and organization are real. It offers medium-level security, and it is obtained after the CA has verified ownership of the domain and that the organization operates legally. 

Domain validation (DV) Certificate

This one offers a low level of encryption and is the quickest validation to get after presenting a few company documents. 

DV certificates only secure the domain itself, not subdomains. The CA will not vet identity data, meaning that you do not know who receives your encrypted information. This is a good option for businesses that cannot afford the EV certification. 

Certificates defined by domain number also have three types:

Wildcard SSL Certificates

The wildcard SSL certificate ensures that if you buy it for one domain, you may use it for subdomains. This makes it a cheaper option to buying multiple certificates for a domain or number. 

Unified Communications (UCC) SSL Certificate

With this certification, you can have several domains under the same certificate. Unified Communications Certificates (UCC) used to work for a single server and browser but have expanded to include multiple domains to the same owner. 

It is very similar to the EV SSL, except that this one displays the number of domain names associated with that same certificate.

Single Domain SSL Certificate

You want to get a Single Domain (SSL) certificate to protect one domain. You may not use it to safeguard subdomains or for a completely different domain. 

Why is Shopify SSL important?

With so many transactions taking place during the time it took you to read this sentence, it is easier to answer why it wouldn’t be important. For starters, you will not get many customers if your shop has this on the front window:

[INSERT IMAGE OF NOT SECURE]

There are security principles that an SSL encryption follows:

  • Encryption to protect the data that travels between the server and the browser.
  • Data integrity to ensure that what has been ordered is received.
  • Authentication to ensure that you are connected to the correct server. 

How to Easily Activate Shopify SSL Certificates

When you set up your domain on Shopify, you will get the option to move your traffic to the encrypted domains. All you need to do to encrypt your Shopify store easily is to click on “Activate SSL Certificates” in your Shopify account. 

When you activate it, all of your pages will be redirected from HTTP to the safer HTTPS. 

It may happen that your content delivery services or your domain cannot establish a secure connection.

But no need to worry. 

Once you activate your certificates, reaching all your pages may take up to 48 hours. If nothing happens even after this time, try fixing your domain record, removing IPv6 records, or removing CAA Records.

It sounds complicated, but it really isn’t. Scroll down to the good stuff and see how we can help. 

Sometimes, SSL has been activated, but Shopify has not verified your content and server to make sure it complies with the encryption protocol. 

All your DNS configurations might be on check, but maybe your A records are acting up. This causes an SSL Pending note. You might need to contact your domain host if you need help with this. 

An SSL Pending may also be caused by not pointing your CNAME records correctly to shops.myshopify.com. 

There could be other reasons why this is not panning out. If this is happening to you, maybe give it 48 hours before contacting Shopify support, your host admin support, or ContraCollective for help with securing your entire storefront. 

Is Encrypting your Shopify Store good for SEO?

We wanted to end this fun ride by noting how good Shopify SSL Certificates are for your store’s SEO.  

Perhaps the most crucial aspect of a Shopify SSL certificate is customer trust. Simply put, that little padlock icon next to your site’s URL will make your customers feel safer and more willing to close the deal. 

Even if something were to happen, for whatever reason, they can feel that, in the end, you are willing to take the blow. 

Google has also stated that encryption is critical for a good ranking signal. Of course, optimizing for Google search builds trust among current and new customers. 

So, there you have it. There is no reason not to move all your domains to a secure HTTPS. 

The Good Stuff

Now to the good stuff!

Shopify has gone to lengths to secure its stores with SSL certificates. What’s more, the SSL encryption moved across all pages of Shopify stores in 2016 (it was only used on the checkout page) to ensure a safe environment for your clients. 

On this help page, Shopify provides you with best practices for SSL content. To save you the trip there, here’s a screenshot of those recommendations:

Sounds like a lot? 

Let us take over, and you will never walk alone. 

We have everything you need to make your store rock and sell like there is no tomorrow! Guaranteed. 

Contact us now.

Back to News