HTTPS - SSL - Please Help

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
xtk
Forum Newbie
Posts: 10
Joined: Sat Aug 01, 2009 4:28 pm

HTTPS - SSL - Please Help

Post by xtk »

hey

perhaps someone could help, i have installed a SSL certificate on my server, but i have absolutely no idea on how to use it, or how to apply it to the code to make a secure connection

i can tell it must not be working because, because i see no security padlock but rather a triangle sign with a ! in the center; and when i check the details,

- "The identity of this website has been verified by TheExample Co."

(which is fine, cause is has a green check mark)

and

- "Your connection to example.com is encrypted with 128-bin encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look or behavior of th page."

which is not fine, because well, it reads for itself

any help would be greatly appreciated :)

regards
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: HTTPS - SSL - Please Help

Post by Christopher »

You just make your URLs "https://www.mysite.com". Nothing much for PHP to do. You can use PHP to check if a page was requested with HTTPS (See phpinfo()).
(#10850)
frao_0
Forum Commoner
Posts: 27
Joined: Sat Aug 08, 2009 3:52 am
Location: Toulouse, France

Re: HTTPS - SSL - Please Help

Post by frao_0 »

agreed with arborint, the SSL does the encryption, you have nothing to do. Concerning your message, the interesting hint is other ressources. Ressources might be SQL connexions, FTP connexions or links with sites that are external to your domain.
User avatar
pcoder
Forum Contributor
Posts: 230
Joined: Fri Nov 03, 2006 5:19 am

Re: HTTPS - SSL - Please Help

Post by pcoder »

For a whole websites to use https, You can try this on .htaccess

Code: Select all

 
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 
Or for a particular page. You can try this one on PHP.

Code: Select all

 
  if($_SERVER['HTTPS']!="on")
  {
     $redirect_url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
     header("Location:$redirect_url");
  }
 
 
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: HTTPS - SSL - Please Help

Post by kaisellgren »

frao_0 wrote:agreed with arborint, the SSL does the encryption, you have nothing to do. Concerning your message, the interesting hint is other ressources. Ressources might be SQL connexions, FTP connexions or links with sites that are external to your domain.
No. The "other resources" are those that are included within the encrypted page. For example, consider this code:

Code: Select all

<img src="file.png" />
The resource "file.png" is being transferred unencrypted even though the initial connection was made via an encrypted channel. HTTP is a stateless protocol, remember?.
Post Reply