March 9th, 2001, 06:50 AM
I want to secure my site with SSL encryption.
After installing SSL modules on Apache, what Have I to do in my PHP site to use this SSL connexion???
Thanx for help
April 21st, 2001, 12:46 AM
Have you purchased a certificate (e.g.: from VeriSign)?
April 22nd, 2001, 10:19 AM
You don't need to buy the cert at all. You can create your self-signed certs if that's what you wanted.
April 22nd, 2001, 11:47 AM
I was told that using SSL you best make all links (php generated ones, too) absolute with https::// prefix .
Using relative links (like "../index.html", or even "/index.html") on securely transmitted pages is said to make some browsers request the linked pages without encryption. Therefor you should always tell the browsers (by saying "https://www.server.com/index.html") to retrieve the link securely .
btw, freebsd is right. the only disadvantage of a self signed (and self generated) key is that the browser won't recognize the signer (which it would were it VeriSign), and ask your visitor whether she/he decides to trust the key. In my opinion this is no problem at all for a low profile site (in case you're running one... no insult intended here ) compared to $$300.
April 22nd, 2001, 02:54 PM
Could you guys clue me in on self-signing? A URL on where I could read more would suffice.
April 22nd, 2001, 06:56 PM
I did this quite a while ago and I only remember having done the job with openssl and mod_ssl tools.
On a quick glance I found this:
It's a man page for one of the openssl tools on creating keys and making certs (signing and stuff).
April 22nd, 2001, 10:51 PM
Thanks! That's exactly what I was looking for.