SitePoint Sponsor

User Tag List

Results 1 to 12 of 12

Thread: Installing SSL

  1. #1
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Installing SSL

    Hello,

    I've started looking at installing SSL for one of my projects. I must admit that I am more confused now than when I started (too many possibilities).

    All I want is:

    a) protect my login system (no cc business, just encrypt pwd).
    b) my users don't have to accepts a certificate, click on stuff to access my website. There's just the https://. Boom.

    What would you do?

    Regards,

    -jj.

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    You need to talk with your host. Having an SSL cert requires a few extra things like a dedicated IP address allocated for your domain.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    Following up on l_e's post, you can self-sign a cert (if your login members don't care about "approved" certificates) and there are many tutorials on that. It's probably a bit easier to do it with cPanel (actually, WHM) but you can also install a secure server (certificate) with direct access to your VPS.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  4. #4
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello,

    I talked my host. I can choose any certificate I want.

    Does anyone have experience with openssl? http://www.openssl.org/

    As I said, I don't want users to click on alert messages when accessing my site. So the certificate has to be trusted by browsers. I don't think it's the case with self-signed certificates, am I correct?

    Regards,

    -jj.

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    jj,

    By definition, a self-signed cert will generate a warning.

    OpenSSL is a known source and reputable.

    FWIW, many hosts will offer a discounted price (due to quantity) for SSLs from various CAs (Certificate Authorities).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  6. #6
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But will OpenSSL generate a warning or not? That's what I haven't been able to figure out.


  7. #7
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok, I am looking at this page: http://www.thawte.com/ssl/index.html

    Here again, I have a hard time figuring out which option suits best my need. As I said:

    1) I want an https:// protocol without the user having to click on anything.
    2) I need subdomains to be covered as well.

    Would SSL123 Certificates be enough? What are exactly the advantages of SSL Web Server Certificates beside being usable over more than one domain (is it like having four certificates for the price of one)?

    Regards,

    -jj.

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    jj,

    Thawte certificates are good but the ones on your linked page are unrealistically expensive. Do a search for Certificate Authority and look at the various CAs products. If all you want is something which will not trigger a warning, just get the cheapest one you can find (from a reputable CA).

    If you have a good host, they'll often act as agents for CAs and offer very inexpensive certs - in the under $50 range!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  9. #9
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've searched and compared many CAs product, but they're all pretty much in the same range.

    I can't believe the open source community hasn't come up with a free solution... Or a very cheap one. That would be awesome.

    My provider doesn't offer discount.

    1. Can anyone think of a backup plan or will I have to pay full price?
    2. I'm still not usre if OpenSSL will generate a warning or not.
    3. If not, can I install OpenSSL on any host (as in shared one)?

    Regards,

    .jj.

  10. #10
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    jj,

    There ARE less expensive CA's than Thawte and many agents (subcontractors, if you will) who will discount based on multiple sales for the CA.

    Your OpenSSL "solution" is not a solution at all. It allows your server to have an SSL cert but you've still got to install the cert. If it's self-signed, it'll throw a warning (because browsers will not recognize the CA) so you're back at actually searching for SSLs at a reasonable price. If you still have problems, I'd been a reseller a few years ago (for my clients, of course) but may be able to re-start something for you. I'd have to add-on the cost of my time and effort, though, so you'd be better off using a search engine to find inexpensive CAs.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  11. #11
    SitePoint Wizard
    Join Date
    Jan 2005
    Location
    blahblahblah
    Posts
    1,447
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks a lot dklynn. Everything is clear now.

    If it is not, I will post again. I'll try to find something that at a reasonable price (any recommendations?). If I'm stuck, I'll ask you to do the job (through the market place, obviously )

    Regards,

    -jj.

  12. #12
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,607
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    jj,

    I don't use the Marketplace. Try a PM and I'll e-mail you back. However, I'm sure you'll find some reasonable prices with your search.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •