Setting Up SSL/TLS Encryption on Drupal

Drupal is an industry-leading, open-source Content Management System for developers, marketers, and agencies. It’s a robust framework written in PHP and is distributed under the GNU General Public License. The application is built to transform web content management with inimitable flexibility and scalability for single-minded digital experiences.

Drupal provides incredible user-management features that empower businesses to restrict access to specific content and manage user membership with ease. Its default login script is relatively secure and capable of preventing unauthorized access to the sites’ member areas reasonably well. However, to implement military-grade security to your Drupal site, you must set up SSL/TLS encryption.

This tutorial will guide you through the installation of SSL/TLS on Drupal. Let’s get started!


The first and the most important thing when setting up HTTPS on Drupal is getting a valid SSL certificate on your ideal domain name. For best result, use an SSL certificate from a reputable Certificate authority such as Let’s Encrypt. Let’s Encrypt is an open, free, and automated certificate authority that works seamlessly with most modern browsers.

You also need CA Bundle (intermediate certificates) to enable the device connecting to your server to recognize the issuing Certificate Authority. The CA Bundle come in the Zip folder containing the SSL certificate files. In addition, you will need a private key. If you utilized free generator tool to create the CSR, the private key should be in your possession or on your server.

Once you get a valid SSL certificate, the CA Bundle, and the private key you can proceed to the actual configuration of the SSL certificate on your website.

Note: The configuration of the SSL certificate is a key prerequisite for setting up HTTPS on your Drupal site, flawlessly. For this reason, this configuration should be done with utmost precision.


It’s important to remember that Drupal is not a server but only a content management system (CMS). For this reason, configuring your web server first is a supreme step here. Once you have accomplished this, you are now ready for the next step.

  1. Login to your admin control panel using the password and username assigned by the web host.
  2. If your company operates more than one Drupal site, select the link for the specific Drupal website where you want to enable the SSL certificate.  Click the File manager button on the control panel page, then navigate to webRoot directory for the company’s domain name. Click open or go to create a new tab.
  3. On the File Manager main menu, select Add file or New File. Create a new file and name it .htaccess. This file is automatically created by the file manager once you click the Create New File button and will be displayed in the list of folders and files on your web server.

Once you successfully create the .htaccess file, you move to the next step.


Drupal is designed to automatically identify any SSL that is set up on your domain. Therefore, once the SSL certificate is installed, it becomes easier to access your Drupal website on both HTTPS and HTTP protocols. However, the simplest way to ensure HTTPS dominates the entire website is editing the .htaccess file we have created above. So how do you edit this file?

  1. Locate the File area on your cPanel account and navigate to the File Manager.
  2. Enable the “Home Directory” to display the >“Hidden Files” or (dotfiles).
  3. Navigate to the place of your Drupal installation and locate the .htaccess file. The next step is editing this file. Here, you have a host of options to accomplish the task. You can use any command-line text editor to make changes to the file. For the sake of this guide, we’ll use the editor in your cPanel File Manager. Simply click on the edit button on the top bar.
  4. Find this line:RewriteEngine on
  5. Copy the following command lines and paste them below the above line in your .htaccess file:
    1. RewritreCond%{HTTPS} off
    2. RewriteRule^(.*)$https://%{HTTPS_HOST}%{REQUEST_URL}[L,R=301]
    3. RewriteCond%{HTTPS_HOST} !^www\.
    4. RewriteRule^(.*)$https://www.%{HTTPS_HOST}%{REQUEST_URL}[L,R=301]
  6. This command enables HTTPS to your Drupal website.

Step 4: Complete and check the installation

  1. Exit the File Manager and log out of your cPanel of your web hosting. Navigate to the login page for your Drupal website admin area. Log in as the admin.
  2. On the admin toolbar, Select Site> Global Configuration> System.
  3. Select the YES option, located beside the “use Apache mod rewrite.”  Click the “save’ button at the top menu before exiting the administrator section of your website.
  4. Try to enter a domain name for your company’s Drupal website in the browser’s address bar then press enter. Whether your address is in or format, the edited .htaccess file redirects to the properly encrypted HTTPS domain of your Drupal website, which forces the utilization of SSL.


Google has a phenomenal mantra “security is the priority.”  This mantra has found meaning in a world where people are very sensitive when sharing or collecting information. The dominance of security breaches has prompted the adoption of proper security measures, and your Drupal site should not be an exception. Act fast and set up HTTPS on your site, using our guide. HTTPS offers enterprise-class security to ensure no comment, post, or data submitted by your members on the website is intercepted by hackers or automated bots snooping for critical user information.

Overall, attaining complete HTTPS encryption for your Drupal site is easy. Even the newbies can set up the encryption and enjoy optimal website security, enhanced site speed, and unprecedented users’ security.

Posted in Hosting Tutorial.