how to use SSL

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

how to use SSL

Post by Smackie »

hello im not sure how to use SSL my host has a Shared SSL Certificates and i wanna know how to use it on 2 pages of mine if someone can help me please i need some help on this never worked with SSL before..


thank you
Smackie
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

It's WAAAY easier than I'm guessing you expect :).

If the host already has a certificate setup, then you can secure your pages by just using https:// instead of http://. As soon as you use the https protocol, your connection is secured.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

Post by Smackie »

well i talked to the hosters and they said use https://hostname.com/~username/ but for some reason i can only get the front page to come up i want to get like my check out page to come up only secure


thank you again
Smackie
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

That looks like the physical address of the host.. usually a domain will point to that instead of actually going to that url.

To get a page on a secured connection, change all your links from http:// to https:// as mentioned before.
Smackie
Forum Contributor
Posts: 302
Joined: Sat Jan 29, 2005 2:33 pm

Post by Smackie »

i tried that but they come up forbidden :-\ but i can put in https://orange.nswebhost.com/~username/ (username as my username to login with) and it comes up as my front page of that website
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

Often hosting companies use a shared SSL certificate. It is usually in the form username.hostname.com or hostname.com/username (like yours). It should be setup so that http://username.com and https://hostname.com/username point to your website.

There are a couple of tricks that you may need to do to make things work. First you need to inventory all the links on your secure pages. These either link to other secure pages or back to non-scure pages in the main site. If you just use relative URLs on the ones that link to other secure pages everything there should work fine. For the links that go between secure and non-secure pages you just need to make sure you have the full URL.

The one other problem you may have is that you will loose your session when you go from non-secure to secure and back. This is the old "dropped cart" problem. That is because the session is associated with a domain name. To solve that you need to manually pass he SESSIONID and start the session with that ID. There are some security measures you can take regenerating session IDs and checking an internally generated unique ID.
(#10850)
Post Reply