Page 1 of 1

HTTPS - SSL - Please Help

Posted: Mon Aug 10, 2009 12:35 am
by xtk
hey

perhaps someone could help, i have installed a SSL certificate on my server, but i have absolutely no idea on how to use it, or how to apply it to the code to make a secure connection

i can tell it must not be working because, because i see no security padlock but rather a triangle sign with a ! in the center; and when i check the details,

- "The identity of this website has been verified by TheExample Co."

(which is fine, cause is has a green check mark)

and

- "Your connection to example.com is encrypted with 128-bin encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look or behavior of th page."

which is not fine, because well, it reads for itself

any help would be greatly appreciated :)

regards

Re: HTTPS - SSL - Please Help

Posted: Mon Aug 10, 2009 12:53 am
by Christopher
You just make your URLs "https://www.mysite.com". Nothing much for PHP to do. You can use PHP to check if a page was requested with HTTPS (See phpinfo()).

Re: HTTPS - SSL - Please Help

Posted: Mon Aug 10, 2009 3:44 am
by frao_0
agreed with arborint, the SSL does the encryption, you have nothing to do. Concerning your message, the interesting hint is other ressources. Ressources might be SQL connexions, FTP connexions or links with sites that are external to your domain.

Re: HTTPS - SSL - Please Help

Posted: Mon Aug 10, 2009 11:15 am
by pcoder
For a whole websites to use https, You can try this on .htaccess

Code: Select all

 
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 
Or for a particular page. You can try this one on PHP.

Code: Select all

 
  if($_SERVER['HTTPS']!="on")
  {
     $redirect_url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
     header("Location:$redirect_url");
  }
 
 

Re: HTTPS - SSL - Please Help

Posted: Sat Aug 15, 2009 2:05 am
by kaisellgren
frao_0 wrote:agreed with arborint, the SSL does the encryption, you have nothing to do. Concerning your message, the interesting hint is other ressources. Ressources might be SQL connexions, FTP connexions or links with sites that are external to your domain.
No. The "other resources" are those that are included within the encrypted page. For example, consider this code:

Code: Select all

<img src="file.png" />
The resource "file.png" is being transferred unencrypted even though the initial connection was made via an encrypted channel. HTTP is a stateless protocol, remember?.