United States

SuiteCommerce Advanced SSL patch install

Web best practices are evolving to provide better security and user experience, and Secure Socket Layer, or simply SSL, is becoming the standard for site operations. Providing SSL only on sections of the site that deal with payment or other personal information is no longer an acceptable practice, as web browsers are starting to warn users away from such sites.

NetSuite’s latest release of SuiteCommerce Advanced (SCA) provides out of the box SSL support across shop flow, My Account, and checkout/cart experiences. Since there is a mix of SCA versions currently deployed, NetSuite has released a patch to add full SSL support to legacy versions. The patch is a diff file that can be applied automatically to the SCA code base using the source control tool, in this case Git. Most SCA implementations are customized to a varying degree of complexity, and it will be up to the developer to manually update files based on the contents of the patch. This can be a long and strenuous process as there are over 60 files to be updated. Through implementing SSL for many of our clients, we’ve developed a workflow to deploy the patch on a customized instance of SCA. This guide assumes you already have a foundational understanding of NetSuite and SCA development.


  1. Determine what version of SCA you are running.
  2. Download most recent back up of the un-compiled SCA code for the web store. (Skip if you already have this).
  3. Add files to a version control system. A Git based system is suggested. (Skip if you already have this).

a. Adding files to your version control system will allow you to track, revert and save your files.

The Diff File

  1. Download the patch that matches your version of SCA.
  2. Open patch in your text editor of choice.
  3. Review the patch file structure to familiarize yourself with its content. Below is a list of most notable aspects of the patch.

    • Line 34 and 35 describes the old file and the new file respectively.
      “— a” is the old file while “— b” is the new file for the commit.
    • Line 36 describes the line range of what will be displayed.
      -19, 7 starts at line 19 of the old file and shows the next 7 lines.
      +19, 7 starts at line 19 of the new file and shows the next 7 lines.
    • On line 40, lines that start with “-” are the ones that are removed.
    • On line 41, lines that start with “+” are the ones that are added.

  4. Create a list of files that need to be updated, it is a good idea to keep this separate from other resources and check into source control as part of the patch update. The list will help you keep track of what has been updated and what will need to be updated during the process. The files updated will vary across different patches.

Applying the patch

  1. Use your hand created list to track which files you have already updated. It’s a good practice to keep this list in an .md (Markdown), but any human readable format will work.
  2. Determine if the file that needs to be patched has been overridden or extended.
    1. If the file is unchanged, the changes can be made to the associated source file within the “suitecommerce” directory.
    2. If the file is overridden, the changes shown in the patch will need to be applied to the overridden version of the file. Use the surrounding code snippets in the patch to determine what lines are changed, as the line numbering will be off in the overridden file.
    3. If the file is extended, review if any functions in the extended file override functions from the original file. Compare between the patch and the extended file. If a change happens within a function that has been overridden, an update to that function in the extended file will be necessary.
  3. Save your updates to version control frequently or in batches. Review and cross reference your changes with the patch file frequently to catch for any errors that may have been introduced.

Other things to look out for

The patch is applied only to the original SCA code, you will also need to review any customizations and custom modules. Best practice is to do this after checking in the patched site into source control, thus creating a save point you can easily go back to.

  • Any absolute links will need the “http” portion of the URL updated to “https”. It’s a good time to validate whether an absolute link is needed, or can be replaced with a relative URL.
  • Some functions have been replaced with new functions introduced by the patch. Review the patch notes for these functions and how they were replaced.. Review all custom scripting and replace the functions accordingly.

Testing the changes made to the code base is required before the SSL patch project can be marked as completed. Review here for more details on how to test your code changes in a safe and isolated environment so it does not interfere with the customer facing web store.

After thoroughly testing the application, refer to this link for steps on configuring your settings to secure the domain.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.