SSL Certificates and HTTPS

With sensitive user and other information being handled by your site, it is critical that you are able to secure that important information as it travels between web server and browser. As a result of this need, many site owners turn to HTTPS for additional security. A SSL certificate needs to be obtained and installed before you can enable HTTPS for your site.

Once the SSL certificate has been installed, go to the Server tabs under your site's settings in your admin panel. The first option in the Server tab lets you decide if you want to use SSL. Selecting "yes" will enable the SSL so that you can access your site through HTTPS.


Change from HTTP

If you used HTTP under the installation then before you enable the SSL support in yourGrandCMS admin dashboard you will need to edit the two configuration files of your GrandCMS. Both files are called config.php and they are located under the root directory of your GrandCMS application and under the 'admin' folder:

[grandcms-root-folder]/config.php
[grandcms-root-folder]/admin/config.php

You can edit your files either via your cPanel File Manager or by downloading them on your local computer via FTP and reupload them after the changes.

Either way, you will need to locate the following section in both of your files:

// HTTPS
define('HTTPS_SERVER', 'http://yourdomain.com/');

Modify the line to include https instead of http:

// HTTPS
define('HTTPS_SERVER', 'https://yourdomain.com/');

When you have the correct https URL set for your GrandCMS application, save the files and upload them back to your GrandCMS installation if you are performing the changes locally on your computer. Remember to modify both the main config.php file and the admin folder config.php.

Optional: Force HTTPS only for your GrandCMS

If you would like to have your site accessible via HTTPS only, then you have to edit not only the HTTPS URL but the HTTP as well.

To do this, open once again your GrandCMS config files and edit the following line:

// HTTP
define('HTTP_SERVER', 'http://yourdomain.com/');

to

// HTTP
define('HTTP_SERVER', 'https://yourdomain.com/');

This way you will force your site to use HTTPS only for all pages and your admin panel.