secure website

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
maneeshthareja
Forum Newbie
Posts: 3
Joined: Wed Feb 07, 2007 12:34 pm

secure website

Post by maneeshthareja »

Hi all
This is my first message on this forum.
Well I have developed a web project in PHP MySQL Apache for the state goverment.
Now it is going for auditing.
Now the problem is that it is running on HTTP and they want to make this site secure by running on HTTPS .
So can you help how can i do it with HTTPS and what are the steps to do it because before this i never use https or SSL.
Please reply everything
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Hi. I suggest you start here: http://httpd.apache.org/docs/2.0/ssl/
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

You will need to get a cert and set up Apache to use it. It's not too difficult, try googling it up: http://www.google.com/search?q=apache%20ssl%20howto

Note that a cert from a reputable provider will cost money, if you choose to self-sign, users will get a nice warning message.
maneeshthareja
Forum Newbie
Posts: 3
Joined: Wed Feb 07, 2007 12:34 pm

Post by maneeshthareja »

volka wrote:Hi. I suggest you start here: http://httpd.apache.org/docs/2.0/ssl/
hello sir
thanx alot but i am still confuse how to implement security in my web site.
and suppose i implement ssl in my web site in that case should i make changes in my all pages...
please clarify this....
and because i am making a site for state government should i bought any certificate or anything else and what would be it cost ....
till then i am reading the link u given me
thank you
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

The only changes you would have to make are changing links from using http:// to https:// (not necessary for relative links like "foo.gif"). Other than that, Apache should handle it. You should probably have your web pages ensure that the connection is indeed HTTPS, and if it isn't, redirect the user to the right spot.

As for certificate cost, I don't know off the top of my head, but VeriSign seems to sell them at http://www.verisign.com/ssl/buy-ssl-cer ... or higher, prices are lower if you buy for multiple years and more advanced certs can go for $1.5k. Not cheap, but then again, this is the state government you're talking about. In fact, they should probably already have an SSL cert.
Post Reply