Making changes for https

PHP
1

hi all

my site is in php+mysql and i m on shared hosting

i am planning to buy ssl certificate for my site and will be using it for some of the pages.

i m using absolute paths for images and scripts so that i will change accordingly.

Can you tell

  1. rest what all changes do i have to make in my page coding ?

  2. will i be able to use same sessions ?

  3. Does it make any difference if i make whole site https OR use https for just some pages like login etc.

vineet

2

You have identified properly the changes you need to make. Any link exists on or links to a https page needs to start with https://. If after you configure your certificate, if you get ‘mixed http/https’ message then most likely it Flash or JavaScript that needs to be adjusted.

Yes you will be able to use the same sessions.

It does make a difference; https needs to do two trips as opposed to one for http. There are some sites that have chosen recently to use HTTPS exclusively - with computers, internet connections and browsers processing being quicker these days, it can be argued that you don’t need to use http; however I still only secure the pages that require secure data. I just think save the users some grief if the load becomes great.

3

hi ServerStorm

thanks for the reply.

I know they will be installing the SSL Certificate on my online hosting account.

But i want to test my code that i change for https on localhost before making it online.

I dont want the error or any message to be displayed to my customer while i m testing it online.

what can be done ?

vineet

4

Hi,

You can go on google and search for generating a self-signed certificate. You can then configure the self-signed certificate in the same way that you will with your real cert. When you test you will get a warning that it is not using a secure certificate, but you can test all your content that is secured using https.

So yes it can be done, just a little work. I doesn’t hurt to know how to do this so it is time well spent.

Regards,
Steve

5

ok one more question.

i know i have to redirected the links for internal pages. but what about index page.

When the hosting provider will install the ssl certificate then if a user will type “domain.com” then the site will automatically get redirected to “https://domain.com” or it will still open at “domain.com

because index.php loads automatically when the domain name is typed in address bar

vineet

6

[SIZE=3]Hi,

This can be enforces a couple of different way.[/SIZE]

  1. Use stealth redirection. You configure this via your Public DNS. Not all DNS hosts support this service. When users type http://, https:// or just your domain they will be redirected to https://your_domain.com
  2. Use mod-rewrite configured on your server. If you are using Apache then this would be set in a .htaccess file and you would need to have the mod-rewrite module enable on the server your using; typically hosts have this enabled with shared hosting.


Regards,
Steve

7