How To: SSL
Moderator: General Moderators
-
php_wiz_kid
- Forum Contributor
- Posts: 181
- Joined: Tue Jun 24, 2003 7:33 pm
How To: SSL
Hey, I was wondering if anybody knew how to use SSL in PHP. Do I have to buy a certificate from Verisign or something like that? I've read some books and that's what they kind of make it sound like. Also, I'm developing on a Windows machine, and then uploading to a Linux SSL enabled machine. I havn't had any problems so far. I know that Apache has an OpenSSL folder, but when I go to the OpenSSL web site, or any other type of SSL web site they only have downloads for Linux machines. Thanks.
Eric (Nielsene) can probably give better tech details on this subject than me.
What doy ou mean by "SSL with PHP"?
As for SSL-Enabling your website-content it has nothing to do with PHP, it is all about having an SSL cert and set the webserver up to use it, if you are using shared-hosting you want to check with your provider if your account has the capability, then all you need is a certificate.
If you are talking about accessing other SSL web sites with PHP code there are many ways to do this, newer versions support it with built in standard PHP functions, e.g. file(), if you need to do http POST you may want to try curl, check if your PHP installation has been compiled with curl support.
As far as OpenSSL, that is a Library for crypto stuff with some front end tools and other things. Apache uses OpenSSL in its SSL setup, but this is totally transparent to website code etc.. it is unlikely you want to interract with OpenSSL directly unless you are specifically using its crypto capabilites, like e.g. s/mime, I dont know about many other uses as far as within PHP code on a website goes..
What doy ou mean by "SSL with PHP"?
As for SSL-Enabling your website-content it has nothing to do with PHP, it is all about having an SSL cert and set the webserver up to use it, if you are using shared-hosting you want to check with your provider if your account has the capability, then all you need is a certificate.
If you are talking about accessing other SSL web sites with PHP code there are many ways to do this, newer versions support it with built in standard PHP functions, e.g. file(), if you need to do http POST you may want to try curl, check if your PHP installation has been compiled with curl support.
As far as OpenSSL, that is a Library for crypto stuff with some front end tools and other things. Apache uses OpenSSL in its SSL setup, but this is totally transparent to website code etc.. it is unlikely you want to interract with OpenSSL directly unless you are specifically using its crypto capabilites, like e.g. s/mime, I dont know about many other uses as far as within PHP code on a website goes..
-
php_wiz_kid
- Forum Contributor
- Posts: 181
- Joined: Tue Jun 24, 2003 7:33 pm
SSL enabled web server does not have anything to do with secure e-mail nor safe storage/handling of cc transactions. All SSL will do is secure the connection between a web browser and the web server.
You can make your own cert with OpenSSL but that will give everyone a security warning, it is likely that you want to purchase one from Verisign, Thawte, Geotrust or InstantSSL or something like that.
Securing CC transactions is a whole other issue and involves quite a bit, and security in your application is a big issue, most likely you want to purchase or find some software/script that will take care of this for you, preferably doing direct transactions with a gateway and no storing of cc-number..
The easiest way of this sort of stuff is to let the gateway provider (like authorize.net) take care of the checkout/payment process for you, involves none or few security risks on your own pagel.
You can make your own cert with OpenSSL but that will give everyone a security warning, it is likely that you want to purchase one from Verisign, Thawte, Geotrust or InstantSSL or something like that.
Securing CC transactions is a whole other issue and involves quite a bit, and security in your application is a big issue, most likely you want to purchase or find some software/script that will take care of this for you, preferably doing direct transactions with a gateway and no storing of cc-number..
The easiest way of this sort of stuff is to let the gateway provider (like authorize.net) take care of the checkout/payment process for you, involves none or few security risks on your own pagel.
-
php_wiz_kid
- Forum Contributor
- Posts: 181
- Joined: Tue Jun 24, 2003 7:33 pm