E-Commerce store using https on Apache OFBiz

On August 6 2014, Google announced that it is starting to use HTTPS (Hypertext Transport Protocol Secure) as a ranking signal influencing search results. If you are running or building an E-Commerce store, you should consider serving your customers through HTTPS, which protects the integrity and confidentiality of your users’ data.

If an E-Commerce store is not using HTTPS, according to Google, for now it’s only a very lightweight impact — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content.

E-commerce merchants have time to switch to HTTPS. Over time, Google may decide to increase the weight of this measure, because Google will like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safer on the web.

How should HTTPS be setup?

The main items that will need to be addressed are the following:

  • Appropriate choice of single-domain, multi-domain, or wildcard certificate.
  • Use of 2048-bit key certificate.
  • Use of a web server that supports HTTP Strict Transport Security.
  • Use of relative URLs for resources that reside on the same secure domain.

Here are the practices you should follow to Secure your site with HTTPS.

E-Commerce store using HTTPS on Apache OFBiz

Setting up an E-Commerce store which serves contents over HTTPS on Apache OFBiz is quick. The other  issues as given below can be well addressed by your E-Commerce store on Apache OFBiz and by following production setup best practices. (Reference Secure your site with HTTPS)
1. Making sure your certificate is always up to date, helps avoiding certification expiration issue.
2. Checking that you have registered your certificate to the correct host name. For example, if you register the certificate for www.examplesite.com and your website is configured to use example.com, you’ll have a certificate name mismatch error. It helps avoiding issues with certificate registered to incorrect website name.
3. Not blocking your HTTPS site from crawling using robots.txt. Helps avoiding crawling issues.
4. Allowing indexing of your pages by search engines where possible. Avoid the Noindex meta tag. Helps avoiding indexing issues.
5. Using protocol relative URLs (e.g. //examplesite.com/script.js instead of http://examplesite.com/script.js), helps serving contents through same protocol it used for the originating page. Its required to avoid issue of inconsistent linking from HTTPS to HTTP URLs on your site.
6. Old OpenSSL versions are vulnerable; making sure you have the latest and newest versions of TLS libraries.
7. Only embedding HTTPS content on HTTPS pages. Security promise kept.
8. Check that your website returns the correct HTTP status code. For instance 200 OK for accessible pages, or 404 or 410 for pages that do not exist.
Serving your E-Commerce store over HTTPS is also important as today’s customer is getting smarter about purchasing online, and as a result is more cautious about security, wanting a clear understanding of how personal information is going to be used and not wanting to supply information if she is not sure about the security.

So if you are planning to launch a new E-Commerce store or already have a store up and running, you should consider Google’s recommendation as it will have an impact on your website ranking in Google Search.

If you would like to know more about process for setting up your E-Commerce store online on Apache OFBiz, Contact Us today.


DATE: Sep 08, 2014
AUTHOR: Pranay Pandey
OFBiz Ecommerce, eCommerce, Ecommerce Store, e-commerce, OFBiz, ecommerce erp, https