SitePoint Sponsor

User Tag List

Results 1 to 17 of 17
  1. #1
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Test SSL Certificate??

    Tomorrow I will be getting a "test" web hosting account. It will have a Dedicated IP address, but no domain yet.

    One of the things I will need to test on my Seminar Registration website is whether my HTTPS connection is working properly. (I want all log-in information encrypted.)

    To get an SSL Certificate, the web host requires you give out a full name, company name, address, etc. I am unwilling to do this for a test account.

    Question:
    How can I test my HTTPS connection without an SSL Certificate?

    I believe someone said on here the other week that I could just make one up myself for testing purposes?!

    Is that true?

    And if so, how would I do that?

    Obviously when my site goes "live", I will have a real SSL Certificate, but for now I don't want to give out all of my info for privacy reasons and because I need to work out some things with my Registered Agent.

    Thanks,


    Amy

    P.S. This will be on a "Shared" Server, but with a Dedicated IP. Not sure if that affects how you would make up a "test" SSL Certificate?!

  2. #2
    SitePoint Enthusiast
    Join Date
    May 2009
    Location
    Latvia, Riga
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For testing purposes you can write certificate yourself or ask neighbor's help. Only problem with self written certificates is that the internet browser will warn you about security warning.
    Maybe there is something else too (i'm not so advaced) ...

  3. #3
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Anpher View Post
    For testing purposes you can write certificate yourself or ask neighbor's help. Only problem with self written certificates is that the internet browser will warn you about security warning.
    Maybe there is something else too (i'm not so advaced) ...
    Does anyone know how to do this??

    It would be nice to be able to use HTTPS to register a user successfully on my test account with the need to gte an SSL Certificate for testing.

    Thanks,


    Amy

  4. #4
    SitePoint Wizard lorenw's Avatar
    Join Date
    Feb 2005
    Location
    was rainy Oregon now sunny Florida
    Posts
    1,098
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    You could ask them to generate a cert for you. Or just use http:// untill you go live. When you get your SSL you can use https:// and if you can see your form, everything is working as should. We install certs all of the time and they always work fine, no testing required.
    What I lack in acuracy I make up for in misteaks

  5. #5
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lorenw View Post
    You could ask them to generate a cert for you. Or just use http:// untill you go live. When you get your SSL you can use https:// and if you can see your form, everything is working as should. We install certs all of the time and they always work fine, no testing required.
    So are you implying that I don't have to do anything differently on my end whether I am submitting a form via HTTP or HTTPS??

    Certainly there must be some difference in my PHP code, right?

    Also, you seem to be implying that the web host shouldn't have any glitches on their end installing an SSL Certificate. That part I don't doubt. But I'm not so confident in my newbie PHP/web coding skills that there won't be a hiccup on my end right before I go live!!

    See what I mean?!


    Amy

  6. #6
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,788
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    The only time there is any difference in PHP between accessing it from HTTP or HTTPS is if you are testing which port is being used. Provided you test for both port 80 and 443 for any port tests it will work idenically on both.

    Usually when prople create their own certificate it is for use in testing on their own computer before uploading to the web. Many shared web hosts have things set up so that they have to install certificates on their server and they probably wouldn't install a self generated one to a live environment.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  7. #7
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    The only time there is any difference in PHP between accessing it from HTTP or HTTPS is if you are testing which port is being used. Provided you test for both port 80 and 443 for any port tests it will work idenically on both.

    Usually when prople create their own certificate it is for use in testing on their own computer before uploading to the web. Many shared web hosts have things set up so that they have to install certificates on their server and they probably wouldn't install a self generated one to a live environment.
    Hi Stephen! How is it "Down Under"?!

    Say, could you maybe post a small PHP snippet of what code i would need to send Registration Data to the server over HTTPS?

    I am just curious what specific code might reference a port and what it would look like?!

    Regardless, it doesn't sound like it is a big deal and I can just test it with a real SSL Certificate when I'm about ready to go live, right?

    Thanks,


    Amy

  8. #8
    SitePoint Wizard lorenw's Avatar
    Join Date
    Feb 2005
    Location
    was rainy Oregon now sunny Florida
    Posts
    1,098
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    To the casual user there is no difference between https and http. There are not any PHP changes required. Just before going live, change your links to https and you will be fine.

    The port thing is automatic and seamless to the user. any page with http will automatically go to port 80, https automatically goes through port 443.

    So without you even knowing it you have been going through these ports everytime you surf the web.
    What I lack in acuracy I make up for in misteaks

  9. #9
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lorenw View Post
    To the casual user there is no difference between https and http. There are not any PHP changes required. Just before going live, change your links to https and you will be fine.

    The port thing is automatic and seamless to the user. any page with http will automatically go to port 80, https automatically goes through port 443.

    So without you even knowing it you have been going through these ports everytime you surf the web.
    That is good to know, but being new to PHP, I'm still having a hard time visualizing the code.

    So you are saying - and I am pulling this out of thin air - that my code might look like this

    For HTTP
    Code:
    <form action="http://www.register.php" method="post">
    
    </form>
    and like this...

    For HTTPS
    Code:
    <form action="https://www.register.php" method="post">
    
    </form>
    Does that sound right? (Sorry, I'm a visual kind of person?!)

    Thanks,


    Amy

  10. #10
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,788
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by amy.damnit View Post
    That is good to know, but being new to PHP, I'm still having a hard time visualizing the code.

    So you are saying - and I am pulling this out of thin air - that my code might look like this

    For HTTP
    Code:
    <form action="http://www.register.php" method="post">
    
    </form>
    and like this...

    For HTTPS
    Code:
    <form action="https://www.register.php" method="post">
    
    </form>
    Does that sound right? (Sorry, I'm a visual kind of person?!)

    Thanks,


    Amy
    That's right. As far as most scripts are concerned the only difference is changing that one letter in the action attribute used to call the script.

    The easiest way to tell if your script tests for http or https is to look for any references in the script to 80 or 443. If neither of those numbers is referenced then the script doesn't do any processing that is specific to either one.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  11. #11
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by felgall View Post
    That's right. As far as most scripts are concerned the only difference is changing that one letter in the action attribute used to call the script.

    The easiest way to tell if your script tests for http or https is to look for any references in the script to 80 or 443. If neither of those numbers is referenced then the script doesn't do any processing that is specific to either one.
    Oops, you lost me on that second part!

    Are you saying that to submit a user's registration information securely I would need to test for Port 443 or explicitly request the user's data be sent over Port 443 or is just prefixing the action attribute ('https://www.register.php') going to be enough??



    Amy

  12. #12
    Follow: @AlexDawsonUK silver trophybronze trophy AlexDawson's Avatar
    Join Date
    Feb 2009
    Location
    England, UK
    Posts
    8,111
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    Amy, keeping things at their simplest, the only thing you need to change in most cases is (as you pointed out) the change in the protocol (https:// rather than http://). SSL certificates enable the server to encrypt and pass the content across the different protocol. It really is as simple as installing the certificate and swapping the POST address from HTTP to HTTPS, If you wanted to secure a registration, sending them to the prefixed HTTPS address will be enough, because it's transmitting the traffic over a secure connection in preference to standard HTTP.

  13. #13
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by AlexDawson View Post
    Amy, keeping things at their simplest, the only thing you need to change in most cases is (as you pointed out) the change in the protocol (https:// rather than http://). SSL certificates enable the server to encrypt and pass the content across the different protocol. It really is as simple as installing the certificate and swapping the POST address from HTTP to HTTPS, If you wanted to secure a registration, sending them to the prefixed HTTPS address will be enough, because it's transmitting the traffic over a secure connection in preference to standard HTTP.
    Alex,

    Okay, thanks for veryifying that I understand you all! *whew*

    Sorry, I just like to be precise in my knowledge and make sure nothing is getting lost in the cracks in my head!!

    Sincerely,


    Amy

  14. #14
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There is little point in the script that receives the login details checking that they came in over SSL. By the time that script is executed the information has already been sent over the wire, unencrypted.

    As mentioned you just need to setup your links and form actions to use https://

    SSL and the encryption process is handled by the users browser and your web server software. By the time PHP gets it's $_POST data it's all been done, which is why you don't need to code differently to handle data over SSL.

  15. #15
    SitePoint Addict amy.damnit's Avatar
    Join Date
    Sep 2009
    Posts
    336
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cranial-bore View Post
    There is little point in the script that receives the login details checking that they came in over SSL. By the time that script is executed the information has already been sent over the wire, unencrypted.

    As mentioned you just need to setup your links and form actions to use https://

    SSL and the encryption process is handled by the users browser and your web server software. By the time PHP gets it's $_POST data it's all been done, which is why you don't need to code differently to handle data over SSL.
    Thanks for the comments, Mike!


    Amy

  16. #16
    SitePoint Member
    Join Date
    May 2009
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can use self signed certificates but it is recommended to use certificates signed by certificate authorities like GeoTrust or RapidSSL and VeriSign,
    Last edited by Shyflower; Oct 7, 2009 at 22:57. Reason: removed faux signature

  17. #17
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,788
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by steven_seagal View Post
    You can use self signed certificates but it is recommended to use certificates signed by certificate authorities like GeoTrust or RapidSSL and VeriSign,
    Not for testing it isn't. Why would you pay for a certificate that only you are ever going to see?

    Or is it that you don't trust that your self signed certificate was actually issued by yourself. Only those with a split personality need to worry regarding a self signed certificate used only for testing.

    You only need a certificate from a recognised authority once the site goes live and people other than you get to see the certificate.
    Last edited by Shyflower; Oct 7, 2009 at 22:58.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •