Basics for implementing SSL on PHP Website

Posted by KoolKabin on Stack Overflow See other posts from Stack Overflow or by KoolKabin
Published on 2010-03-23T07:36:40Z Indexed on 2010/03/23 7:43 UTC
Read the original article Hit count: 356

Filed under:

ssl

|

credit-card

|

php

Hi guys,

I am here as a developer of a website. My website got different modules among which one function is to process credit card. In order to process credit card I need to implement SSL layer and process the pages. For rest of modules the SSL is optional.

Now my points are:

1.) Is the location of file for http and https same?

2.) Can the session of http and https be shared? this is required as i need user login information and cart item information.

© Stack Overflow or respective owner

Related posts about ssl

Plesk SSL Certificate (Default cert when SSL enabled, CORRECT cert when SSL is disabled)

as seen on Server Fault - Search for 'Server Fault'
I'm running Plesk 8.6.0: I have an SSL cert installed through Plesk's admin interface. But I have a bit of an issue: When I enabled SSL for the site, and selected my cert, then restart httpd, Plesk defaults to using my self-signed default certificate. Conversely, when I disable SSL support for the… >>> More
apache renew ssl not working [on hold]

as seen on Server Fault - Search for 'Server Fault'
Downloaded a new ssl cert from go daddy and installed the cert on apache2 server put the cert in /etc/ssl/certs/ folder put the gd_bundle.crt in the /etc/ssl/ folder private key is in /etc/ssl/private/private.key I just replaced the original files with the new files, did not replace the private… >>> More
Cant connect to mysql using self signed SSL certificate

as seen on Server Fault - Search for 'Server Fault'
After creating a self-signed SSL certificate, I have configured my remote mysqld to use them (and ssl is enabled) I ssh into my remote server, and try connecting to its own mysqld using ssl (mysql server is 5.5.25).. ~> mysql -u <user> -p --ssl=1 --ssl-cert=client.cert --ssl-key=client… >>> More
How to log invalid client SSL certificate in SSL

as seen on Server Fault - Search for 'Server Fault'
I have a IIS web site which requires client certificate. I have turned off CRL checking. The client is unable to access the web site - he gets 403.17 (certificate expired) error. I would like to log the certificate he is using, becaue I think he is using the wrong certificate. Is there a way to… >>> More
Mixing SSL and non-SSL content in an Apache2 virtual host

as seen on Server Fault - Search for 'Server Fault'
I have a (hopefully) common scenario for one of my sites that I just can't seem to figure out how to deploy correctly. I have the following site and directories for example.com: These need to require SSL: /var/www/example.com/admin /var/www/example.com/order These need to be non-SSL: /var/www/example… >>> More

Related posts about credit-card

Maximum Year in Expry Date of Credit Card

as seen on Stack Overflow - Search for 'Stack Overflow'
Various online services have different values for maximum year of expiry, when it comes to Credit Cards. For instance: Basecamp: +15 years (2025) Amazon: +20 years (2030) Paypal: +19 years (2029) What is the reasonable maximum here? Are there any official guidelines? >>> More
Thoughts on security model to store credit card details

as seen on Stack Overflow - Search for 'Stack Overflow'
Here is the model we are using to store the CC details how secure does this look? All our information is encrypted using public key encryption and the keypair is user dependent (its generated on the server and the private key is symmetric encrypted using the users password which is also Hashed on… >>> More
Credit card system implementation?

as seen on Stack Overflow - Search for 'Stack Overflow'
My site is going to have a credit system that basically works a lot like a credit card. Each user has an unlimited credit limit, but at the end of each week, they have to pay it off. For example, a user might make several purchases between March 1st and 7th, and then at the end of March 7th, they… >>> More
Create an iTunes Account without a credit card

as seen on How to geek - Search for 'How to geek'
iTunes Store offers a large variety of free content, but to download it you have to have an account. Usually you have to enter your credit card information to sign up, but here’s an easy way to get an iTunes account for free downloads without entering any payment info. Although iTunes Store is known… >>> More
Somebody is storing credit card data - how are they doing it?

as seen on Stack Overflow - Search for 'Stack Overflow'
Storing credit card information securely and legally is very difficult and should not be attempted. I have no intention of storing credit card data but I'm dying to figure out the following: My credit card info is being stored on a server some where in he tworld. This data is (hopefully) not being… >>> More