homepage Welcome to WebmasterWorld Guest from 54.81.170.186
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

    
Any good https/SSL Tutorials?
tomhumf




msg:3879673
 10:07 pm on Mar 26, 2009 (gmt 0)

Hi,

I've been searching Google and here for a while and haven't found what I'm looking for.

I've written a shopping cart for use with Paypal payments. I know it isn't neseccary to use https as I wont be handling CC info, but for user experience would like the 'secure feeling'.

I have a free shared SSL with my host and have generated the keys/certs through Cpanel.

I just haven't got a clue what to do with them. I can't find any tutorials from the host. I vagely understand that the data is encrypted and decrypted somehow on the https page, but that's as far as I have got.

I've just refined my search while writing this as I am using PHP and found [uk.php.net...] so I will check that out. If anyone knows any good tutorials on the basics of using https please let me know.

Cheers!

 

mattur




msg:3881257
 5:43 pm on Mar 29, 2009 (gmt 0)

It just works :) Your host can tell you how to setup your own SSL certificate - if it's a shared SSL then they've already set it up. You only need to generate a key when buying your own cert.

Just link to the secure page using https instead of http.

MichaelBluejay




msg:3882723
 9:24 pm on Mar 31, 2009 (gmt 0)

I'm not sure I understand your question. If you're asking how to install your key & certificate, ask the key/cert provider. If you're asking how to make sure data is encrypted, that happens automatically once you get your key & certificate installed, and your visitors go to an https:// url. When they go to https://, the data is automatically encrypted in both directions, as long as you have a key & certificate installed.

But most of the time you want your visitors on plain, unencrypted http:// pages, because it's faster. Your server won't have to spend time encrypting the data, and the visitors computer won't have to spend time decrypting it (and vice versa for data that goes from the user to the server). So on unimportant pages you should direct requests from https:// to the http:// counterpart. But for pages that should be secure, like credit card info, you should do the opposite, and redirect any http:// requests to https:// requests. Make sure it's impossible for the user to put in credit card info on a http:// page, even if they type the http:// address by hand.

tomhumf




msg:3884225
 5:52 pm on Apr 2, 2009 (gmt 0)

Thanks. I was trying to use the free shared SSL cert from my host. It turns out you just need to link to pages with https://hostnamestuff/mydomain/ and didnt need to set anything up. Not sure why they didnt put this info anywhere on their site, I had to email support. I think I was trying to set up a dedicated SSL without buying one :/

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved