Setting up HorizonWeb for HTTPS

Introduction

The HTTPS protocol can be used by web applications to encrypt the messages sent and decrypt the messages it receives. Certificates are used to manage the encryption process.

Why should I use a certificate?

HTTPS encrypts a user's personal information (and other traffic) between the user and the site.

• Encryption – the exchanged data is kept secure from eavesdroppers
• Data integrity – data cannot be modified or corrupted during transfer
• Authentication – builds user trust, because there is proof that users are communicating with your HorizonWeb site.

Higher Google rankings

Google use HTTPS as a ranking signal (external link). Google do not publish their ranking algorithm (and they regularly change it), but they do tell web-masters what contributes to it.

What do I need to do?

Follow these steps, in order:

1. Raise a ticket with Support, asking to enable HTTPS on your HorizonWeb site. We will send you a works order form. We charge to add a certificate to your site so we can only proceed after we have received payment.
   
2. Collate the following information:
   
   
   • Country code – GB or IE.
   • State (province) – Your county.
   • Locality – Your postal town.
   • Organization – Your company name
   • Organizational unit – The business unit within your company that uses HorizonWeb, e.g. e-commerce or IT services.
   • Common name – your HorizonWeb domain. This may start www. or shop. We need the full domain path.
   • Email address – Your public facing email address, e.g. sales@example.com.

   The accuracy of this information is important, because it is used by the certificate authority to check you are who you say you are, and by us to match your certificate to your website.

3. We will send you a CSR request text file which will contain the information you've supplied. Please check this file. Often your certificate authority will have a CSR checker on their website. You can also find one with a search engine.
4. Buy a certificate from a certificate authority. We've written a guide to help you choose which certificate to buy. If in doubt contact your IT specialist.
5. Send us your intermediate and leaf certificates. Our Cloud Operations team will install the certificates. We will notify you when they have been installed.

HorizonWeb Options

After the certificates have been installed, you need to select one or two options on your HorizonWeb site. HTTP traffic will be redirected to HTTPS with the options:

Admin > HorizonWeb Settings > Global Options > System Options

• Use SSL certificate for login – HTTPS is used for the login only. Checkout would only be encrypted if you are using payment providers such as SagePay or PayPal.
• Turn on HTTPS for HorizonWeb – This redirects all incoming HTTP traffic over HTTPS. No traffic will go over HTTP. This is the preferred option. Customers' old bookmarks will still work because the old HTTP addresses are redirected to HTTPS.

These options do not "turn-on" HTTPS. This is done when we change your site on our servers. These settings must be changed after we have done that.

Click Save Settings when you have changed options.

Browser settings

Your customers must allow TLS in their browser settings. These are default settings, so your customers should not need to change anything. It is best practice to have these options selected. Advice must be to upgrade to the latest version of your chosen browser.

Browsers work by trying to use the most advanced encryption option, TLS 1.3. If that doesn't work, they try TLS 1.2. Older browsers may try TLS 1.1, TLS 1.0 and SSL 3.0 (and older). This is not recommended (the protocols are deprecated), but is better than no encryption at all.

See Also