The online store's SSL encryption

The SSL encryption protocol prevents third parties from accessing the data exchanged between your online store and its customers. Enabling the SSL protocol in your online store creates a secure environment for making purchases and performing related actions, and makes it possible to encrypt all information provided by the customers while placing orders or registering. This makes your store much more reliable and secure.

Contents

To enable the SSL protocol, you'll need an SSL certificate, which you can order by using a form on our website. On the page you'll also find the prices of certificates ordered via MyCashflow.

SSL certificates are always issued to domains. You'll need a separate certificate for each domain whose traffic should be encrypted.

If your online store uses subdomains (e.g. domain.example.com), you can ask us to order for you a so-called wildcard certificate with which you can encrypt the traffic to all subdomains of a given domain.

SSL-certificates available via MyCashflow

See below for the list of SSL-certificates that you can order for the domain of your MyCashflow online store from us.

Find out more about the details and pricing of different SSL certificates.

SSL encryption for your MyCashflow online store's default domain

All default domains of MyCashflow online stores (http://STORENAME.mycashflow.fi) include the SSL encryption free of charge.

The free encryption applies only to the online store's root address. Its potential subdomains (http://subdomain.STORENAME.mycashflow.fi) are not encrypted.

Let's Encrypt

Free of charge SSL encryption for any single domain. If there are multiple domains or subdomains in your online store, you can order a Let's Encrypt certificate for any of them.

Let's Encrypt offers the same protection as paid certificates. All Let's Encrypt certificates enabled in a store are renewed automatically.

The certificate is available in all paid plans via our customer service. Contact us if you'd like to enable Let's Encrypt for your domain.

QuickSSL® Premium

Quick and easy encryption for a single domain. Perfect for an online store with a single domain.

QuickSSL® PremiumWildcard

Encryption for a single domain and all subdomains. Suitable for online stores with multiple language versions or a separate B2B online store under its own subdomain.

True BusinessID with EV

Encryption for a single domain on the bank level. High level of security visually confirmed by a padlock icon in most browsers.

Ordering a new certificate

Only the online store's account owner can order the SSL encryption for the store. The account owner can be seen in the admin panel, on the right side of the Account page.

To order a new certificate for a domain:

  1. Select and order the desired certificate here.
  2. Select the certificate validity period.

    The certificate has to be renewed at the end of this period. Find out more about renewing the SSL certificate ›

  3. Confirm the order.

What happens next depends on who manages the domain name services (DNS) of the domain that should be encrypted.

If MyCashflow manages your DNS, you'll receive a confirmation when the SSL encryption will be ready for enablement.

If a third party manages your DNS, the SSL encryption is enabled in the following way:

  1. A new SSL certificate will be ordered for you.
  2. You'll receive to your email the DNS settings for the domain to be encrypted that are necessary for enabling the certificate.
  3. Make (or ask your service provider to do so) the changes listed in the email from the previous step to the domain's DNS.
    • Add the TXT and A records
    • Direct the domain's traffic to the IP address reserved for the certificate

If a third party manages the domain's DNS, renewing the certificate is your own responsibility. Read more ›

Adding your own certificate to your MyCashflow online store

You can also add a certificate purchased from another provider to your online store.

The costs of enabling your own certificate in MyCashflow are €60/certificate.

If you use your own certificate in your online store, you will also be responsible for renewing the certificate. MyCashflow doesn't send any expiring certificate notifications.

If you've ordered an SSL certificate yourself, you can add it to your MyCashflow online store. In such a case, do the following:

  1. Notify us that you need a CSR (certificate signing request) for the domain to be encrypted. In your message, list all domains for which you need SSL encryption.
  2. Make sure that you include in the message the information that you're adding your own SSL certificate to your store and send the message to ssl@mycashflow.fi.

    In the message include also the following information:

    • Certificate
    • Intermediary certificate

    Alternatively, include the instructions on how the mentioned information could be obtained otherwise.

In the response, you'll receive an IP address to which the domain traffic should be directed and instructions on how to activate the encryption.

Encryption testing and enablement in the online store

After the SSL certificate has been ordered and confirmed, you can enable it in your online store:

  1. Note: Test that the encryption works properly. See the instructions ›
  2. Once you've made sure that the encryption works properly, open the settings for the store version to be encrypted on the User interface > Versions page.
  3. Make sure that the store version's URL address is the domain for which the encryption has been enabled.
  4. Select Use SSL.
  5. Save version settings.

The encryption has now been enabled in the edited version.

Next you may want to update the website's details in the Google services you have enabled, so that encrypted traffic is properly tracked, and the website is reindexed as soon as possible so that its search engine visibility doesn't suffer.

See how to update data in Google services ›

Renewing the encryption

The SSL certificate of every encrypted domain has to be renewed at regular intervals. The SSL certificate can be renewed in different ways depending on who manages its domain name services.

Domain name services managed by MyCashflow

If your SSL certificate's domain name services are managed by MyCashflow, we'll take care of renewing the certificate on your behalf. No action is required on your part.

Domain name services managed by a third party

If your SSL certificate's domain name services are managed by a third party, the certificate can be renewed in the following way:

  1. Before your certificate expires, you'll receive an email notification.

    The notification will contain a TXT record necessary for renewing the certificate.

    The notification will be sent to the email address used for ordering the domain.

  2. Renew the certificate yourself or ask the service provider to do it.
  3. Reply to the notification so that we can confirm that the certificate has been renewed.

Google Analytics and Search Console in SSL-encrypted domains

After enabling the encryption, make sure to update the enabled Google tool according to the instructions provided below.

Google Analytics

Google Analytics often interprets returning from payment services to the online store as referral traffic. This is especially problematic when tracking order conversions, as it prevents conversions from being logged in the tracking service.

Most often this issue occurs after SSL encryption has been enabled.

After enabling encryption, disable tracking for the no-longer-necessary referral traffic to external services in Analytics.

Also change the website's URL into the encrypted https:// version in Google Analytics:

  • On the page Admin > Property Settings, in the menu Default URL
  • On the page Admin > View Settings, in the menu Website's URL

Search Console

Search Console interprets as separate websites those domains which are with and without SSL encryption.

After enabling SSL encryption, add the SSL domain as a new website in the Search Console.

Also make sure that you add all domain variations as separate websites in the Search Console. A single domain with SSL encryption should be added as four websites in the Search Console:

  • http://www.example.com
  • https://www.example.com
  • http://example.com
  • https:/example.com

See also Google's instructions on adding new websites.

Testing the SSL encryption and the encrypted online store's layout

After ordering and confirming the certificate, test it to make sure that it works properly and enable the encryption in MyCashflow settings.

To test the encryption, go to the encrypted domain that starts with https://. For instance, if you've encrypted the domain www.example.com, type https://www.example.com in the browser's address bar. If the encryption works properly, you should be able to see the encrypted website's front page and a visual cue in the address bar indicating that the website is encrypted (in the example Google Chrome):

Links

Make sure that the online store's internal links don't direct to addresses with no encryption.

The store's internal links should always be in the format /page/8 (the example uses a link to a content page), so that visitors will always be directed to the domain enabled for the version and the encrypted address (once the encryption is enabled).

The MyCashflow text editor always enters the store's internal links in the correct format.

Design

The contents of this section are meant for the online store's designer. The actions presented here require the command of the HTML and Interface markup.

Make sure that in the theme there are no templates that would fetch style files, scripts, images or other resources from non-encrypted addresses. Many browsers display a warning to visitors if an encrypted website contains non-encrypted resources.

Styles and scripts should be added to the theme by using the {MinifyCSS} and {MinifyJS} tags. The tags always use the version's encrypted domain in links if the encryption has been enabled. Additionally, you can use tags to minify scripts and styles.

{MinifyCSS(
    files:'css/master.css|css/base.css|css/forms.css'
)}

If you fetch scripts and styles e.g. from an external CDN service, make sure that you use links that start with https://.

If you add fixed images to the theme from the online store's file directory, enter the links either without the domain, or use the {ThemeURL} or {ShopURL} tags:

<!-- The first two examples fetch the image in relation to the version's root domain -->

<img src="/files/images/image.jpg"/>

<img src="{ShopURL}/files/images/image.jpg"/> 

<!-- {ThemeURL} prints the theme folder's location in relation to the store's root domain -->
<img src="{ThemeURL}/image.jpg"/>
<img src="{ShopURL}/{ThemeURL}/image.jpg"/>

If you add fixed, internal links to the theme, use the {Link} or {LinkURL} tags. They will always print the version's URL address in an encrypted format if the encryption has been enabled.

<a href="{LinkURL(type: 'infopage', id: 6)}">Link</a>

Related questions