This documentation relates to CiviCRM version 3.1. It's not maintained anymore.
Current version of documentation.

Should I use SSL for all my web pages, even those for which secure transmisson is not needed?

Skip to end of metadata
Go to start of metadata

This page refers to outdated version of CiviCRM. Check current version of documentation.


Documentation Search


CiviCRM 3.1 Documentation

Support and Participation

Developer Resources


CiviCRM book!

Make sure to check out Understanding CiviCRM as well! You can also support this project by ordering a hard copy.

Using SSL (https) causes slower page loads and uses more server resources (encrypting/decrypting the pages).

You should DEFINITELY force SSL for contribution and event registration pages IF you are using one of the payment processors for which end-users are entering credit card information on your site (PayPal Pro, Moneris, Authorize.net). However, note that CiviCRM does not support shared SSL. If your payment method requires a security certificate, it must be installed on your domain. CiviCRM is unlikely to recognize a certificate provided by your Web host or another domain on your server.

Unless you are running your entire CiviCRM site under https (which some people do because they want all contact info to be encrypted across the network), you should not use https:// in your Resource URL setting — using a relative URL is preferable as it will "switch" how the css file is sourced for sites that run some pages in http and some in https.

Labels
  • None

Creative Commons License
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.