Setting Up SSL For Drupal Sites on OIT Web Hosting

Editor's Note: Information on Obtaining an SSL Certificate and Setting Up SSL on OIT Web Hosting with an External Domain Name has been moved to the Georgia Tech Resources for Webmasters website.

Additional details about enabling SSL for Drupal can be found in Jimmy Kriigel's posting in GitHub about SSL and Drupal sites.

Part I: SSL Certificate

See if you need an SSL Certificate, and if so, obtain your SSL Certificate. In short, if your site is a top-level site on OIT Web Hosting, you can use the existing SSL certificate available on your hosting server. No special configuration on the Plesk control panel side is needed; just follow the steps in Part II below. If your site's hostname is a subdomain of a department domain (e.g., then you will have to see if the Plesk certificate includes your "" domain name. If so, then you should be good to go. If not, then you'll need to obtain a certificate (see "obtain your SSL Certificate" above).

Part II: Configure Your Drupal Instance

Edit Your Site's .htaccess File

Add the following directly after "RewriteEngine On" in your site's .htaccess file:

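# Redirect any "www." hostname to the bare hostname over HTTPS (permanent, 301)
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
# Redirect any remaining non-HTTPS request to HTTPS ([R] alone sends a 302)
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]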

These rules catch any request that has "www." before your site's hostname and redirect the user to the non-"www." version of the URL over HTTPS. Then, if the user is not using HTTPS, the second rule redirects the user to the HTTPS version of the URL to ensure that HTTPS / SSL security is always used.
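
The redirect behaviour described above, modelled in Python as an added example (not part of the original page or of Apache itself), so you can see which hops each kind of request takes. The hostname site.example.edu is a constructed placeholder, and the model assumes the .htaccess file sits in the document root and that %{SERVER_NAME} equals the request's Host header.

```python
import re
from urllib.parse import urlsplit

def apply_rules(url):
    """Model the two rule pairs: return (status, Location), or (200, None) when served."""
    u = urlsplit(url)
    # mod_rewrite re-appends the original query string to the redirect target.
    target = (u.path or "/") + ("?" + u.query if u.query else "")
    # Pair 1: HTTP_HOST matches ^www\.(.+)$ [NC] -> https://%1%{REQUEST_URI}, R=301
    m = re.match(r"^www\.(.+)$", u.netloc, re.IGNORECASE)
    if m:
        return 301, "https://" + m.group(1) + target
    # Pair 2: HTTPS is not "on" -> https://%{SERVER_NAME}/$1, bare [R] (Apache default: 302)
    if u.scheme != "https":
        return 302, "https://" + u.netloc + target
    return 200, None

def audit(url, max_hops=5):
    """Follow the redirects; report the hop statuses and any request sent in cleartext."""
    hops = []
    for _ in range(max_hops):
        status, location = apply_rules(url)
        hops.append((status, url))
        if location is None:
            return {
                "final": url,
                "statuses": [s for s, _ in hops[:-1]],
                "cleartext": [u for _, u in hops if u.startswith("http://")],
            }
        url = location
    raise RuntimeError("redirect loop")

# Constructed sample requests (placeholder hostname, not a real site).
SAMPLES = [
    "http://WWW.site.example.edu/user/login?destination=node/1",
    "http://site.example.edu",
    "https://www.site.example.edu/node/5",
    "https://site.example.edu/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit(sample))
```

In every chain only the first request can travel in cleartext, and the HTTP-to-HTTPS hop is a temporary 302 because that rule uses a bare [R] flag.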

Edit Your Site's settings.php File (Drupal 7 only)

Find the line for "$base_url" (or add one if this setting is not defined), and set it to the fully qualified domain name of your site, like so:

$base_url = "";

Important Note:  The settings.php file is usually protected from editing, so you may have to modify its access permissions before you can modify it.  Try editing it from the File Manager in your hosting account's Plesk Control Panel, as this may make it easier to override those protections.