0

In One of the website am creating there is a requirement to use ssl. But i have no idea about this whatsoever. I know ssl is for secure sites. But what difference will be there in development and where do i get started? I saw this http://php.net/manual/en/book.openssl.php and this http://www.openssl.org/ so it possible to do this without buying an ssl with open ssl?

I guess this how u detect....

if (isset($_SERVER['HTTPS']) )
{
    echo "SECURE: This page is being accessed through a secure connection.<br><br>";
}
else
{
    echo "UNSECURE: This page is being access through an unsecure connection.<br><br>";
}

Please tell me where to get started and the basics i need to know.

Improve this question

2 Answers 2

Reset to default
3

SSL is usually negotiated by the web server. You need to install a certificate that the web server will use to negotiate a secure connection with each client, before PHP is even invoked. And yes, you will need to pay for an officially validated certificate. Usually you can do all this very easily through your hosting provider. If you need more help on installing a certificate yourself, try http://serverfault.com.

Ideally, for your development this means nothing at all. If your website doesn't make any presumptions to be running on a secured or unsecured connection, it should run fine either way, since the web server is handling the details for you. If you are generating full links yourself (including the schema, http://), you must be careful there. If you're setting any cookies, you should check whether these have the secure flag or not and what that means for your system.

The OpenSSL extension doesn't have much to do with any of this in this context.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

OpenSSL is a library that implements SSL.
It is probably worth mentioning that you can use a self-signed cert during development. The lack of trust surrounding them is a problem for a public service, but you don't have that worry with a dev server.
OpenSSL does do SSL, but it is also a general purpose encryption library that is useful for a lot more things than just SSL. Usually you don't establish an SSL connection yourself but leave that up to the web server. Unless you're writing a web server or need other encryption-related functions, you won't really use OpenSSL directly.
0

It also makes a difference if your site has some secure pages and some insecure ones. There is a module called "securepages" that makes most of that really easy. Of course, you still have to set up the certificate as the people mentioned above.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.