If you're looking for our article on SSL for your Legacy Evolution store, click here.
EvolutionX supports automatic SSL support which we provide for your domain on our stores. We take the pain out of this process of annual renewals and certification installations. We also take the risk away that can come with expired SSL certificates preventing access to your store.
To provide the most secure SSL support for ecommerce transactions we require the following requirements to be supported by the browser:
SSL/TLS protocols: TLSv1.2 and TLSv1.3 (one round trip time, 1-RTT, handshakes)
Ciphers: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES256-SHA384
We recommend and Support IE 11, and updated versions of Edge, Chrome and similar browsers.
Considerations Before You Go Live on EvolutionX
You should confirm what your legacy website supports before you switch it over to EvolutionX so that you can ensure that the SSL support will be the same or better after golive.
Do you have SSL on your domain now?
You can test this by putting your domain into your browser address bar and including https:// in front of it, for example https://www.mybigstore.com. If it works (returns your website) then you currently do have SSL setup.
Yes, my legacy website has SSL: You can rest easy knowing that your new EvolutionX Store will come with one and you do not need to buy or renew your SSL certificate after golive on EvolutionX.
No, my legacy website doesn't have SSL: Good news, when you go live with EvolutionX that will be solved for you. There is nothing extra to buy. If you're looking to get an SSL on your Legacy Evolution store you can read more here.
Do you have SSL on the apex of your domain now?
OK this just got technical, but the apex just means your domain with out any www. or store. in front of it. So if your normal domain name is https://www.mybigstore.com then your apex is https://mybigstore.com. Try that too and see if it works. Many don't have this and will return an error, this means you don't have SSL at the apex but some do have this and it will return your website. If you get to your website using https:// and your apex domain address then the answer is Yes, you have SSL at the apex.
Yes, I have SSL on the apex of my domain now: It's likely to be important that you support it on EvolutionX. This is just a matter of the correct setup but it's important here because Google may already be indexing you there and you may have used it in emails and links in the past. Refer to the section below that specifically covers SSL setup on the apex for EvolutionX stores.
No, the apex of my domain doesn't support SSL: It's unlikely that you will need this if you don't already have it and use it. Most sites host on a www. and the apex (or naked domain) is only used to redirect users if they type the domain into the browser without the www. Google won't index it if you don't use it and unless you make a mistake and use the link in a marketing email or on your site you're unlikely to ever notice that it's missing. If you'd like to support SSL on the apex anyway you can refer to the section below on how to do this on EvolutionX.
Do you have a "green bar" SSL which shows your company name at the top?
This is rare and you probably already know if you have it. It's known as an EV (extended verification) SSL which requires you to first prove your business details and then shows that this has been validated. To see what green bar SSL looks like when you visit a website, click here to see examples. Most likely your answer is No.
Yes, I have or plan to get a "green bar" SSL: Supporting the "green bar" ssl requires additional cost and management on your behalf. You have to separately purchase the certificate and then send it to our support help desk for installation each year. We recommend considering this carefully as it will increase the direct costs to you for purchasing a EV-SSL certificate, add additional paperwork requirements to prove your business name, and increase risk of your SSL being expired and your site not working each and every year. It provides no additional data security over a standard SSL certificate.
No, I don't have a "green bar" SSL: The good news for you is that you don't have to worry about SSL since EvolutionX will provide a free SSL and renew it automatically. Rest easy.
Setup Steps for SSL and EvolutionX Go Live
At any step in this process contact the EvolutionX Customer Success team if you need any help.
Determine your go live domain for your new EvolutionX Store.
Make sure you can login to your DNS settings for the domain or have a support email address for requesting DNS changes. This is usually with the same company from whom you buy your domain name (but sometimes it's another company like Cloudflare).
Request the setup of your domain on EvolutionX from our Customer Success team.
We'll send you instructions on DNS changes. This can be different for each domain and store due to a range of factors.
Add the CNAME and A records we send you to your DNS.
⚠️This is a technical process that can, if done incorrectly, interrupt access to receiving email, accessing your website and more. Get a professional, to do it for you if you're unsure or ask us for help! Leave other records alone unless we specifically request a replacement. As a rule: you can only have one A record or CNAME record per host name (www. or store.) so if you already have a record for the same host name it will be a replacement. Other CNAMES in your DNS will be important so when it doubt, ask before removing them.
Validate the Setup and Go Live.
Usually our Customer Success staff will validate your setup after you notify them that the DNS has been updated. They can either set your store live or send you instructions to do so once the setup is complete.
Setup SSL on the Apex of your Domain
This is not required for most stores but it can be supported on EvolutionX. The Apex, or naked domain, is your domain without any host name (without www. or store. in front of the domain).
Since EvolutionX is a SaaS product on a highly available and resilient network architecture it requires a special feature to support stores with SSL on the apex. The feature is sometimes known as CNAME flattening or A Record Alias. Most older name servers don't yet support this but there are plenty of modern and professional DNS providers who do.
Examples of DNS services known to support CNAME flattening are
If you discover that your current name server doesn't have this capability you would need to switch your DNS name server. Switching doesn't require you to change who you buy your domain from or your email or website providers. Changing your domain's DNS name server can be done smoothly and without downtime but it requires a technical person who has experience with this.
If you're considering this feel free to reach out to our Customer Success team for help.
Read more about this topic: