Since Magento 1.9.1 you can force HTTPS for the whole shop by adding the following configuration-snipped to /app/etc/config.xml or any module config.xml (own module!!!): <frontend> <secure_url> <all>/</all> </secure_url> </frontend> After cleaning the config cache, Magento should generate secure URLs everywhere. That’s how to force secure URL’s in Magento.