SSL

I want to secure my site with SSL encryption.

After installing SSL modules on Apache, what Have I to do in my PHP site to use this SSL connexion???

Thanx for help

Have you purchased a certificate (e.g.: from VeriSign)?

You don't need to buy the cert at all. You can create your self-signed certs if that's what you wanted.

Hi!

ovigneron,
I was told that using SSL you best make all links (php generated ones, too) absolute with https::// prefix .

Using relative links (like "../index.html", or even "/index.html") on securely transmitted pages is said to make some browsers request the linked pages without encryption. Therefor you should always tell the browsers (by saying "https://www.server.com/index.html") to retrieve the link securely .


btw, freebsd is right. the only disadvantage of a self signed (and self generated) key is that the browser won't recognize the signer (which it would were it VeriSign), and ask your visitor whether she/he decides to trust the key. In my opinion this is no problem at all for a low profile site (in case you're running one... no insult intended here ) compared to $$300.


Greetings

Atrus.

Could you guys clue me in on self-signing? A URL on where I could read more would suffice.

Hi!

I did this quite a while ago and I only remember having done the job with openssl and mod_ssl tools.

On a quick glance I found this:

http://www.openssl.org/docs/apps/CA.pl.html

It's a man page for one of the openssl tools on creating keys and making certs (signing and stuff).


Greetings

Atrus.

Thanks! That's exactly what I was looking for.