---
title: "TYPO3 HTTPS Migration: SSL Setup to TypoScript Configuration"
url: "https://nitsantech.de/en/blog/converting-your-typo3-site-from-http-to-https-ssl"
description: Migrate your TYPO3 project to HTTPS and protect user data. Learn how to set up SSL, configure redirects, and secure your site.
image: "https://nitsantech.de/fileadmin/_processed_/4/b/csm_Der-unkonventionelle-Leitfaden-f%C3%BCr-Ihre-Typo3-Site-Von-HTTP-zu-HTTPS_SSL_397e7ae941.jpg"
author: Sanjay Chauhan - TYPO3 Technopreneur
date: 2019-10-04
modified: 2026-01-29
lastUpdated: 2026-02-25
categories:
  - TYPO3 CMS
---

# TYPO3 HTTPS Migration: SSL Setup to TypoScript Configuration

Converting Your TYPO3 Site From HTTP to HTTPS/SSL
=================================================

 10 Aug 2019

 [![](https://nitsantech.de/fileadmin/ns_theme_nitsan/Team_Slider/Sven_Thelemann.png)](https://nitsantech.de/en/blog/author/sven-thelemann)

 [Sven Thelemann](https://nitsantech.de/en/blog/author/sven-thelemann)

 [ TYPO3 CMS ](https://nitsantech.de/en/categories/typo3-cms)

It's long be understood that the performance of a website is slow using HTTPS. That’s not true! You can checkout this testing tool https://www.httpvshttps.com/ which shows HTTPS loads faster than HTTP. In addition to that, HTTPS is now more important for SEO ranks. For privacy reason, Encryption of the website is mandatory in Germany - See here. Here, I would like to describe - How a TYPO3 based website can easily setup the HTTPS protocol.

 ![Converting Your TYPO3 Site From HTTP to HTTPS/SSL](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/_live/Conversion-of-TYPO3-website-to-HTTPS-SSL/Konvertierung_Ihrer_TYPO3_Site_von_HTTP_zu_HTTPSSSL_Feature.png)

   Table of content

HTTPS (HyperText Transfer Protocol Secure) is well-known **HTTP+SSL**, a client and a server communicate to each other, but with SSL Certificate, that **encrypts and decrypts** their requests and responses. That means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.

Unfortunately, Only **<0.1%** website **uses HTTPS** at Entire Internet.

  ![ What is HTTPS? ](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-HTTPS-Sehr-Wenig-Verwendung-Im-Internet.png " What is HTTPS? ")

**Source:** <https://trends.builtwith.com/ssl/SSL-by-Default>

  ![About HTTPS](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-was-ist-HTTPS-SSL-HTTPS.png "About HTTPS")

*“HTTPS as a ranking signal.”*

Google Starts Giving **A Ranking Boost** To Secure HTTPS/SSL Sites, Google's push for HTTPS adoption appears to be working.

  ![What Google Said About HTTPS/SSL?](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-HTTPS-SEO-Keywords-Ranking-Up.png "What Google Said About HTTPS/SSL?")

From **January 2017**, Google Chrome (version 56 and onwards) will begin marking HTTP sites that transmit passwords or request credit card details as **“not secure.”**The move comes as part of a longer term strategy to eventually label all non-HTTPS sites as insecure within Google’s browser, helping users to browse the web more safely.

  ![HTTPS sites as insecure within Google’s browser,](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-HTTPS-Google-Report-Checkliste.png "HTTPS sites as insecure within Google’s browser,")

**References:**

- <https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html>
- <https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html>
- <https://www.youtube.com/watch?v=cBhZ6S0PFCY> (Campaign by Google)

  ![ HTTP VS HTTPS ](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-HTTP-vs-HTTPS-Unterschied-zwischen-HTTP-und-HTTPS.png " HTTP VS HTTPS ")

**Source:** [https://www.instantssl.com/ssl-certificate-products/https.html](https://www.sectigo.com/ssl-certificates-tls/compare?utm_source=redirect&utm_medium=tier2&utm_campaign=instantssl)

  ![What is a HTTPS certificate?](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-Was-ist-TYPO3-Zertifizierungen-HTTPS-Bars-mit-Browsers.png "What is a HTTPS certificate?")

  ![ How HTTPS Works? ](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-Wie-funktioniert-HTTPS-SSL-erkl%C3%A4rt.png " How HTTPS Works? ")

1. **Security:** The **'S'** at the end of HTTPS stands for **'Secure.'**
2. **Identity Verification:** Visitors can verify you are a registered business and that you own the domain.
3. **Data Integrity:** Customer information, like credit card numbers, is encrypted and cannot be intercepted.
4. **SEO:** More referrer data, HTTPS as a rankings Boost.
5. **Trust:** Customers are more likely to trust and complete purchases from sites that use HTTPS.

### 1. Get a security certificate and install on the server:

HTTPS, in particular, is a well-established technology now and with initiatives like **Let's Encrypt** (<https://letsencrypt.org/>) it's never been easier or cheaper to get a **HTTPS certificate** for your website.

There are three different types of certificates you can get:

  ![Step-by-Step guide for integration of HTTPS at your TYPO3 website.](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-Typen-von-HTTPS-Zertifizierungen.jpg "Step-by-Step guide for integration of HTTPS at your TYPO3 website.")

**Source:** <https://moz.com/blog/seo-tips-https-ssl>

**1.1. Domain validation:** the cheapest and most basic; it only covers encryption (from the three things we went over earlier).

**1.2. Organization Validation:** the middle choice regarding price, which also includes authentication. If you’re collecting personal information, you probably want at least this option.

**1.3. Extended validation:** the top of the line option, which provides the best security you can get with HTTPS. It's This is for big e-commerce sites and sites that collect critical private information.

*Here’s a nice little summary:*

  ![Extended validation](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-Verf%C3%BCgbare-HTTPS-Typen-Auswahl-Domain-Hosting-Anbieter.png "Extended validation")

### 2. Enable & Configure HTTPS at TYPO3 Frontend Website:

####
 2.1. Use HTTPS Protocol at Page:

At TYPO3 backend, Page Properties > Behaviour > Use Protocol > Select “https://”

  ![Use HTTPS Protocol at Page](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-Backend-HTTPS-Protokoll-Seiteneinstellung.png "Use HTTPS Protocol at Page")

#### 2.2. Configure TypoScript:

##### **For TYPO3 version >= 6.x**

With the configuration of TYPO3’s config.absRefPrefix property, It will automatically convert all the URLs (like menus, links) to HTTPS. Let's just deactivate config.baseURL for new TYPO3 versions 6.2.x, 7.6.x, 8.x.

\# TypoScript setup: Set absRefPrefix & Disable baseURL
config.absRefPrefix = auto
config.baseURL >

##### **For TYPO3 version < 6.x**

With the configuration of TYPO3’s config.baseURL property, It will automatically convert all the URLs (like menus, links) to HTTPS. You can setup below smart [**TypoScript**](https://nitsantech.de/en/typoscript-conditions-with-symfony-expression-language) which will check, If HTTPS is on your website then it will automatically generate HTTPS URLs.

\# TypoScript constants: Define constantan for baseURL & Absolute URI prefix
domain {
\#cat = site\_default/website/domain/01; type=string; label=Domain name for Base URL: (excluding slashes and protocol like )
baseURL =
\#cat = site\_default/website/domain/02; type=string; label=Absolute URI prefix:
absRefPrefix =
}
\# TypoScript setup: Set baseURL setting for http or https
config.baseURL = {$site\_default.website.domain.baseURL}
\[globalString = \_SERVER|HTTPS=on\]
config.baseURL = {$site\_default.website.domain.baseURL}
\[global\]

####
2.3. HTTPS set as Default Protocol.

Edit the root page of website > Resources > Page TSConfig: Setup below TypoScript code.

TCAdefaults.pages.url\_scheme = 2

  ![onfigure TypoScript:](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-HTTPS-Einstellungen-TSConfig-TypoScript.png "onfigure TypoScript:")

#### 2.4. Apply HTTPS to all existing pages:

You might have hundreds of already created pages, so It will be difficult to manually assign HTTPS to all the pages by edit each page’s properties. You could just only allow SQL code at phpMyAdmin.

\# SQL Query Statement
UPDATE pages SET url\_scheme = 2

**Note:** This SQL statement you put all the pages of the TYPO3 system at https. If you have multiple sites with a back care (MultiSite), but not all at https to run, do not run this command!

#### 2.5. Additional Domains:

Make sure all the other domains (including those without ‘www’) should point to HTTPS.

#### 2.6. All the request should be HTTPS:

Checkout HTML source code of whole page & search for **http://** There will be lots tag eg., link, img, script tags etc., which should call their URL using **http://**, You’ll be required to make those changes at their calling code like TypoScript, Fluid templates, [**TYPO3 extension**](https://t3planet.de/en/typo3-extensions) etc.,

#### 2.7. Force redirects to HTTPS:

**2.7.1. With Webserver/Vhost Config:**

Best practice to forcefully redirects from HTTP to HTTPS via the webserver/vhost configuration. Nowadays it's the best practice to enable tls > ssl >https for the whole vhost/domain

**2.7.2 With .Htaccess**

Fortunately, there is real quick & tricky technique to forcefully redirects all HTTP to HTTPS **through .Htaccess**. It will also be help for old URLs to set 301 redirects for SEO.

\# .Htaccess Code
\# 1. Frontend Site: Redirect to HTTPS
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST\_URI} !^/?typo3
RewriteRule (.\*) %{HTTP\_HOST}%{REQUEST\_URI} \[R=301,L\]

\# 2. TYPO3 Backend: Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST\_URI} ^/?typo3
RewriteRule (.\*) %{HTTP\_HOST}%{REQUEST\_URI} \[R=301,L\]

####
2.8. Useful TYPO3 Extensions for HTTPS:

There are also some [**best extensions**](https://nitsantech.de/en/blog/typo3-extensions) available while help you to **manage HTTPS** as below:

- [https://extensions.typo3.org/extension/https\_macmade](https://extensions.typo3.org/extension/https_macmade)
- <https://extensions.typo3.org/extension/lvssl>
- [https://extensions.typo3.org/extension/https\_enforcer](https://extensions.typo3.org/extension/https_enforcer)

#### 2.9. Running TYPO3 CMS behind HTTPS proxy:

You can configure it from [**TYPO3 Install**](https://nitsantech.de/en/blog/installing-typo3) **tool** with below settings:

\# TYPO3 Install Tool Configurations
$GLOBALS\['TYPO3\_CONF\_VARS'\]\['SYS'\]\['reverseProxyIP'\] = 'THE IP OF YOUR PROXY SERVER';
$GLOBALS\['TYPO3\_CONF\_VARS'\]\['SYS'\]\['reverseProxyHeaderMultiValue'\] = 'last';
$GLOBALS\['TYPO3\_CONF\_VARS'\]\['SYS'\]\['reverseProxySSL'\] = '\*';

Read more details at <https://moc.net/om-moc/aktuelt/blogs/tech/running-typo3-cms-behind-https-proxy>

### 3.0. Configure HTTPS at TYPO3 Backend:

Of course, [**TYPO3 Backend**](https://nitsantech.de/en/blog/typo3-backend) should be run with **https://** Fortunately, You can easily configure it from Install tool with following settings.

\# TYPO3 Install Tool Configuration
$GLOBALS\['TYPO3\_CONF\_VARS'\]\['BE'\]\['lockSSL'\] = ‘2’;

  ![Configure HTTPS at TYPO3 Backend](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-Installations-Tool-Einstellungen-von-HTTPS-LockSSL.png "Configure HTTPS at TYPO3 Backend")

After migration from HTTP to HTTPS at development, It would be good to take care about below SEO consideration points.

###### 1. Don’t missed to configure HTTPS at your **CDN (Content Delivery Network)**

###### 2. Update links/references/ in **Content**

###### 3. Update links/references/ in **templates**

###### 4. Update images and other links

###### 5. Update **canonical** tags

###### 6. Update **hreflang** tags

###### 7. Update any **plugins/modules**

###### 8. **Force HTTPS** with redirects

###### 9. Update **old redirects** currently in place

###### 10. Update your **robots.txt** file

###### 11. Add your site again in **WMT (Google Webmaster Tool)**

  ![HTTPS Checklist for SEO Matters:](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-wie-zu-Hinzu-Site-Google-Webmaster-f%C3%BCr-HTTPS.png "HTTPS Checklist for SEO Matters:")

###### 12. Update sitemaps

  ![Update sitemaps](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-HTTPS-Google-Webmaster-Sitemap_hinzuf%C3%BCgen.png "Update sitemaps")

###### 13. Do some **quick testing** to make sure everything went well,

eg,\\[www.ssllabs.com/ssltest/](https://www.ssllabs.com/ssltest/)

###### 14. **Monitor** everything during the migration

During the migration from HTTP to HTTPS, there might be few things wrong as below:

**1. Preventing Google** from crawling the HTTP version of the site, or stopping site crawls in general (usually, happens because of failure to update the test server to allow bots);

**2. Content duplication issues,** with both HTTPS and HTTP versions of the pages showing; and different versions of the page showing on HTTP and HTTPS.

**3.** Most of the common problems with HTTPS migrations are the result of **improperly implemented redirects**. (I’ve also had fun times cleaning up websites that changed their entire structure/design while making the switch to HTTPS.)

Simply put, *HTTPS is not going away*. HTTP/2, Google AMP and Google’s QUIC protocol (which is likely to be standardized soon) all require secure connections for browsers to use them. The fact remains that HTTPS is being pushed hard by the powers that be, and it’s time to make the switch.

  ![Closing thoughts on HTTPS](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/HTTP1-vs-HTTP2-Vergleich-mit-TYPO3-Sites.png "Closing thoughts on HTTPS")

**Source:** [https://blog.cloudflare.com/introducing-http2/](https://www.keycdn.com/blog/http2-statistics)

  ![http vs https](https://nitsantech.de/fileadmin/ns_theme_ns2019/blog/live/Conversion-of-TYPO3-website-to-HTTPS-SSL/TYPO3-HTTP1-vs-HTTP2.png "http vs https")

**Source:** <https://www.keycdn.com/blog/http2-statistics>

Most of the problems that I see are from poor planning, poor implementation or poor tracking. If you follow the steps I outlined, you should have little to no trouble when **migrating from HTTP to HTTPS**.

*Have a good security with **great*** [***TYPO3 CMS***](https://nitsantech.de/en/blog/typo3-perfect-cms-for-everyone)*!*

If you have any **suggestions or questions**, Please feel free to ask using below comment section. Let a [**TYPO3 Agency**](https://nitsantech.de/en/typo3-agency) help you with all your queries.

#### Contact for Internet agency and TYPO3 projects

#### Sven Thelemann

Service Partner - Germany

 [ st@nitsantech.de ](mailto:st@nitsantech.de) [ +49 351 48196661 ](tel:4935148196661)

 ![Sven Thelemann](/fileadmin/ns_theme_nitsan/CTA/SVEN__1_.png "Sven Thelemann")

![](https://nitsantech.de/fileadmin/ns_theme_nitsan/Team_Slider/Sven_Thelemann.png)

### Sven Thelemann

Client Service Lead

- [](https://www.linkedin.com/in/sven-thelemann-0a30867b/ "linkedin")

Sven Thelemann serves as the Client Service Lead at NITSAN, focusing on delivering TYPO3 solutions that meet client goals. With a strong understanding of technology and client expectations, he ensures smooth communication and project execution. Outside of work, Sven enjoys cycling and experimenting with homemade recipes.

  <a id="c9786"></a>Comments and Responses
----------------------

 Thank you for your comment. Your Comment Added Successfully.

Thank you for your comment. Your Comment Will Be Visible After Approval.

Oops! Something went wrong, please try again later.

##### **Be the First to Comment**

  <a id="c9787"></a> ### Related Blogs

 [ ![](https://nitsantech.de/data:,)

#### TYPO3 CMS for Public Sector Websites: Requirements and Best Practices

 ](https://nitsantech.de/en/typo3-public-sector-2026)

 [ ![](https://nitsantech.de/data:,)

#### TYPO3 SEO: Improve Your TYPO3 Website Ranking

 ](https://nitsantech.de/en/blog/typo3-seo)