homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

Any good https/SSL Tutorials?

5+ Year Member

Msg#: 3879671 posted 10:07 pm on Mar 26, 2009 (gmt 0)


I've been searching Google and here for a while and haven't found what I'm looking for.

I've written a shopping cart for use with Paypal payments. I know it isn't neseccary to use https as I wont be handling CC info, but for user experience would like the 'secure feeling'.

I have a free shared SSL with my host and have generated the keys/certs through Cpanel.

I just haven't got a clue what to do with them. I can't find any tutorials from the host. I vagely understand that the data is encrypted and decrypted somehow on the https page, but that's as far as I have got.

I've just refined my search while writing this as I am using PHP and found [uk.php.net...] so I will check that out. If anyone knows any good tutorials on the basics of using https please let me know.




WebmasterWorld Senior Member 10+ Year Member

Msg#: 3879671 posted 5:43 pm on Mar 29, 2009 (gmt 0)

It just works :) Your host can tell you how to setup your own SSL certificate - if it's a shared SSL then they've already set it up. You only need to generate a key when buying your own cert.

Just link to the secure page using https instead of http.


WebmasterWorld Senior Member 10+ Year Member

Msg#: 3879671 posted 9:24 pm on Mar 31, 2009 (gmt 0)

I'm not sure I understand your question. If you're asking how to install your key & certificate, ask the key/cert provider. If you're asking how to make sure data is encrypted, that happens automatically once you get your key & certificate installed, and your visitors go to an https:// url. When they go to https://, the data is automatically encrypted in both directions, as long as you have a key & certificate installed.

But most of the time you want your visitors on plain, unencrypted http:// pages, because it's faster. Your server won't have to spend time encrypting the data, and the visitors computer won't have to spend time decrypting it (and vice versa for data that goes from the user to the server). So on unimportant pages you should direct requests from https:// to the http:// counterpart. But for pages that should be secure, like credit card info, you should do the opposite, and redirect any http:// requests to https:// requests. Make sure it's impossible for the user to put in credit card info on a http:// page, even if they type the http:// address by hand.


5+ Year Member

Msg#: 3879671 posted 5:52 pm on Apr 2, 2009 (gmt 0)

Thanks. I was trying to use the free shared SSL cert from my host. It turns out you just need to link to pages with https://hostnamestuff/mydomain/ and didnt need to set anything up. Not sure why they didnt put this info anywhere on their site, I had to email support. I think I was trying to set up a dedicated SSL without buying one :/

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved