/    Sign up×
Community /Pin to ProfileBookmark

client app requires https

Copy linkTweet thisAlerts:
Jul 31.2005

Hi,

I am about to start work on an e-commerce application for my client. it will be hosted on a self-made dedicated PC with web server software including php and mysql.

For payment processing we will require the connection to be secure. Since this web server is being built and hosted in-house is it possible for me to have my own https socket??? – I do understand that I may have issues is having a legal certificate but I just wanted to know if its possible to run https on the web server – if so how?

to post a comment
PHP

3 Comments(s)

Copy linkTweet thisAlerts:
@BeachSideJul 31.2005 — Wrong forum...

Yes you can setup https. The setup will be dependant upon what OS you are using. Also you need to purchase a SSL cert. They are not much. I just got one for a client for $125 US/2years from http://www.instantssl.com/
Copy linkTweet thisAlerts:
@Stephen_PhilbinJul 31.2005 — If it's on Linux, then it's very easy. I have it on my own PC (this one I'm typing on now). https://www.dootdootdoodydoodydootdoodoooo.com/ is me. Obviously you get a cert warning, but the only difference between mine and any other "legal" one as you put it, is I made my own X509 (self signed) instead of paying someone to sign it for me. In fact, the encryption strength and security on a connection you get from me is stronger and more secure than a lot of other "secure" sites.

Setting up is very easy. The hardest bit is deciding who you want to sign your cert.

I made a few posts to help someone set up Linux on their computer which included adding an SSL/TLS connection, it was in this thread: http://www.webdeveloper.com/forum/showthread.php?t=65397

Instead of using the command line instructions for making an X509, just read the howto in the docs that come with OpenSSL for making a CSR instead.
Copy linkTweet thisAlerts:
@bokehJul 31.2005 — It's easy on windows too. The only thing is the file needs to be complied. If you need it I can email you SSL for apache 2.0.54 (win32). One thing to remember with SSL is you can only run multiple certificate on multiple IPs. You cannot use name based virtual hosts for https.

By the way I recently bought a 2 year certificate for 80 bucks and I believe godaddy do them even cheaper.

Lastly SSL only protects data whilst it is being transmitted. You need to think about how you will protect that data when it is stored on the server or being forwarded to other parties. If the server does get hacked you don't want to supply the hacker with all of your clients' credit card details so you will need to encrypt these at the very least.

Tell us more about the server.
×

Success!

Help @dalar spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.19,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...