Hi,
My topic title was too long, so it ended with a broken word. The correct ending is "How does SSL work in general?".
Anyway. I've tried to setup a SSL protected PHP page, with trials and errors. Nothing seem to have worked. Actually, I haven't managed to do much as I am no SSL expert (hopefully soon I am closer to it :]).
I do not understand the basics behind keys, signs, and other functions that PHP uses: http://fi.php.net/manual/en/ref.openssl.php
Can someone help me on this? I would like to start with at least a little code, starting from scratch does not seem like a good choice for me right now...
The PHP OpenSSL functions barely have any examples or user comments, and Googling for help is hard, too. =/
How to use PHP's OpenSSL functions? How does SSL work genera
Moderator: General Moderators
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: How to use PHP's OpenSSL functions? How does SSL work genera
To have SSL encrypted pages you need to configure your webserver to deliver pages using HTTPS. What webserver are you using?
(#10850)
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: How to use PHP's OpenSSL functions? How does SSL work genera
I have Apache 2.2, PHP, MySQL, SMTP, PostgreSQL, Oracle and SQL Server running on my personal computer at home, but my VPS (virtual private server, root access, ssh, etc) has also Apache, but not sure which version. I did install OpenSSL with the VDS Manager program they have and I tried setuping everything correctly and I used this code:arborint wrote:To have SSL encrypted pages you need to configure your webserver to deliver pages using HTTPS. What webserver are you using?
Code: Select all
<?php
function forceSSLConnection(){
if ($_SERVER['SERVER_PORT'] != "443") {
$url = "https://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'].($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : '');
header("Location: $url");
echo "Your browser does not support automatic redirection. <a href='$url'>Click here</a>";
die();
}
}
forceSSLConnection();
echo <<<HTML
<form method="post">
<input type="text" />
</form>
HTML;
?>I have 2 own IPs btw, not shared...
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: How to use PHP's OpenSSL functions? How does SSL work genera
Apache needs mod_ssl or similar installed so it can serve pages with HTTPS. What exactly do "SSL was not proper" and "it couldn't be trusted T_T" mean? Is that the error message?
(#10850)
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: How to use PHP's OpenSSL functions? How does SSL work genera
Let me tell you what I have done so far.arborint wrote:Apache needs mod_ssl or similar installed so it can serve pages with HTTPS. What exactly do "SSL was not proper" and "it couldn't be trusted T_T" mean? Is that the error message?
I am developing a script and I would *need* to allow SSL protected login script.
I have applied OpenSSL extension and installed the app. It runs fine, I have created the following for dveloping reasons: cacert.pem, key.pem, cert.pem. I do not know what each of them are for, but I think they all are needed.
I have not yet done that SSL thing for Apache, though. I'll do it right away.
I was playing with this code:
Code: Select all
$data = 'this should be safe';
$fp = fopen('cert.pem','r'); // is in the same dir right now
$cert = fread($fp,8192);
fclose($fp);
$pk = openssl_get_publickey($cert);
openssl_seal($data,$sealed,$envkeys,array($pk));
openssl_free_key($pk);EDIT: I have now Apache running with mod_ssl. What should I do next?