How To: SSL
Posted: Fri Jul 04, 2003 2:36 pm
by php_wiz_kid
Hey, I was wondering if anybody knew how to use SSL in PHP. Do I have to buy a certificate from Verisign or something like that? I've read some books and that's what they kind of make it sound like. Also, I'm developing on a Windows machine, and then uploading to a Linux SSL enabled machine. I haven't had any problems so far. I know that Apache has an OpenSSL folder, but when I go to the OpenSSL web site, or any other type of SSL web site they only have downloads for Linux machines. Thanks.
Posted: Fri Jul 04, 2003 10:58 pm
by Stoker
Eric (Nielsene) can probably give better tech details on this subject than me.
What do you mean by "SSL with PHP"?
As for SSL-Enabling your website-content it has nothing to do with PHP, it is all about having an SSL cert and set the webserver up to use it, if you are using shared-hosting you want to check with your provider if your account has the capability, then all you need is a certificate.
If you are talking about accessing other SSL web sites with PHP code there are many ways to do this, newer versions support it with built in standard PHP functions, e.g. file(), if you need to do http POST you may want to try curl, check if your PHP installation has been compiled with curl support.
As far as OpenSSL, that is a Library for crypto stuff with some front end tools and other things. Apache uses OpenSSL in its SSL setup, but this is totally transparent to website code etc. It is unlikely you want to interact with OpenSSL directly unless you are specifically using its crypto capabilities, like e.g. s/mime, I don't know about many other uses as far as within PHP code on a website goes..
Posted: Fri Jul 04, 2003 11:47 pm
by php_wiz_kid
I know I have SSL enabled on my server. I asked the tech guys. Now how do I get a certificate, can I make one? I want to secure e-mail, and c-card transactions (I'm not storing them in a db).
Posted: Sat Jul 05, 2003 12:19 am
by Stoker
SSL enabled web server does not have anything to do with secure e-mail nor safe storage/handling of cc transactions. All SSL will do is secure the connection between a web browser and the web server.
You can make your own cert with OpenSSL but that will give everyone a security warning, it is likely that you want to purchase one from Verisign, Thawte, Geotrust or InstantSSL or something like that.
Securing CC transactions is a whole other issue and involves quite a bit, and security in your application is a big issue, most likely you want to purchase or find some software/script that will take care of this for you, preferably doing direct transactions with a gateway and no storing of cc-number..
The easiest way of this sort of stuff is to let the gateway provider (like authorize.net) take care of the checkout/payment process for you, involves none or few security risks on your own page.
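The self-made certificate mentioned in the post above, shown with the `openssl` command-line tool as an added example that is not part of the original thread: it creates a throwaway self-signed certificate and checks why clients warn about it (it is its own issuer and does not chain to any trusted CA). The hostname `shop.example.test` and the function names are assumptions made for the illustration, and the exit-status checks assume OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example: constructed hostname, throwaway key material in a temp dir.
HOST="shop.example.test"   # assumed hostname, not taken from the thread

make_self_signed() {
    # $1 = output directory; writes key.pem (unencrypted, test only) and cert.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$HOST" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

is_self_issued() {
    # True when subject and issuer are the same name: no CA vouched for this cert.
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ]
}

trusted_by_default() {
    # Verify against the system trust store only, which is what a visitor's client has.
    openssl verify "$1" >/dev/null 2>&1
}

trusted_when_pinned() {
    # Verify after explicitly trusting this one certificate as its own anchor.
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Demonstration run in a temporary directory that is removed afterwards.
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir"
if is_self_issued "$demo_dir/cert.pem"; then
    echo "subject == issuer: certificate is self-signed"
fi
if trusted_by_default "$demo_dir/cert.pem"; then
    echo "default trust store: accepted"
else
    echo "default trust store: rejected (this is the warning visitors see)"
fi
if trusted_when_pinned "$demo_dir/cert.pem"; then
    echo "explicitly trusted: accepted"
fi
rm -rf "$demo_dir"
```

The last check passes only because the certificate was explicitly trusted, which works for a test machine you control but not for visitors' browsers.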
Posted: Sat Jul 05, 2003 12:28 am
by php_wiz_kid
I kind of want to have my own cc checkout because I offer a service, and when the transaction is done the server automatically sets up their account, and everything that goes with it, you know what I mean?
Posted: Sat Jul 05, 2003 12:40 am
by Stoker
I would recommend that you hire someone to implement it for you, it is not difficult to make something work, but the security aspect of it is very important..