How To: SSL

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
php_wiz_kid
Forum Contributor
Posts: 181
Joined: Tue Jun 24, 2003 7:33 pm

How To: SSL

Post by php_wiz_kid »

Hey, I was wondering if anybody knew how to use SSL in PHP. Do I have to buy a certificate from Verisign or something like that? I've read some books and that's what they kind of make it sound like. Also, I'm developing on a Windows machine, and then uploading to a Linux SSL enabled machine. I havn't had any problems so far. I know that Apache has an OpenSSL folder, but when I go to the OpenSSL web site, or any other type of SSL web site they only have downloads for Linux machines. Thanks.
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

Eric (Nielsene) can probably give better tech details on this subject than me.

What doy ou mean by "SSL with PHP"?

As for SSL-Enabling your website-content it has nothing to do with PHP, it is all about having an SSL cert and set the webserver up to use it, if you are using shared-hosting you want to check with your provider if your account has the capability, then all you need is a certificate.

If you are talking about accessing other SSL web sites with PHP code there are many ways to do this, newer versions support it with built in standard PHP functions, e.g. file(), if you need to do http POST you may want to try curl, check if your PHP installation has been compiled with curl support.

As far as OpenSSL, that is a Library for crypto stuff with some front end tools and other things. Apache uses OpenSSL in its SSL setup, but this is totally transparent to website code etc.. it is unlikely you want to interract with OpenSSL directly unless you are specifically using its crypto capabilites, like e.g. s/mime, I dont know about many other uses as far as within PHP code on a website goes..
php_wiz_kid
Forum Contributor
Posts: 181
Joined: Tue Jun 24, 2003 7:33 pm

Post by php_wiz_kid »

I know I have SSL enabled on my server. I asked the tech guys. Now how do I get a certificate, can I make one? I want to secure e-mail, and c-card transactions (I'm not storing them in a db).
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

SSL enabled web server does not have anything to do with secure e-mail nor safe storage/handling of cc transactions. All SSL will do is secure the connection between a web browser and the web server.

You can make your own cert with OpenSSL but that will give everyone a security warning, it is likely that you want to purchase one from Verisign, Thawte, Geotrust or InstantSSL or something like that.

Securing CC transactions is a whole other issue and involves quite a bit, and security in your application is a big issue, most likely you want to purchase or find some software/script that will take care of this for you, preferably doing direct transactions with a gateway and no storing of cc-number..

The easiest way of this sort of stuff is to let the gateway provider (like authorize.net) take care of the checkout/payment process for you, involves none or few security risks on your own pagel.
php_wiz_kid
Forum Contributor
Posts: 181
Joined: Tue Jun 24, 2003 7:33 pm

Post by php_wiz_kid »

I kind of want to have my own cc checkout because I offer a service, and when the transaction is done the server automatically sets up their account, and everything that goes with it, you know what I mean?
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

I would recommend that you hire someone to implement it for you, it is not difficult to make something work, but the security aspect of it is very important..
Post Reply