SSL Certificates

[Viper114]

Things beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up that I may need some help with.SSL Certificate. I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure. I have found guides that walk through how to make one yourself and configuring apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also doesn't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?

[boen_robot]

The certificate file can go anywhere in the server. It's just that the server must be configured to load it.The sections governed by the certificate are the whole domain. Whether you use it on other sections or not doesn't exactly matter. You can use it to secure data on the whole domain, as long as the server is configured to accept such HTTPS requests. You can configure certain HTTP requests to be redirected to HTTPS equivalents to make sure places that must be secured don't get used unsecurely, and you could go the other way around too, though that would be pointless for the most part.

[Viper114]

Actually, it was suggested to me just a while ago to look at something like Verisign to get an SSL certificate done. Makes sense, they know how to do it and could easily do it better than I could.

[boen_robot]

It's not only about that... for an SSL to work without warnings on the user, the user/browser needs to be sure the certificate itself is valid and not forged. There can't really be insurance the certificate hasn't been tampered with. So, every browser comes with certain signatures against which certificates are verified. The so called "Root certificates". A self signed certificate is obviously not amont those, though you can add it. Verisign's signature however is among those root certificates, so certificates issued by it will work for all users/browsers, not just those who've previously downloaded and installed your certificate.Verisign is not responsible for the configuration of your server. Only for the creation of the certificate. The same process you've already went through with your self signing.

[davej]

Is SSL something you have to write code to support or do the browser and server do it automatically and transparently when the SSL certificate is present? Thanks.

[boen_robot]

Present and configured.You don't write "code" for it specifically, but you need to tell the server where the certificate is, what domain do you want to use it for, on what port, and perhaps a few other settings I'm missing.Once you do that, the browser and the server do the rest (encryption, decryption, verification) automatically.

[davej]

Present and configured.You don't write "code" for it specifically, but you need to tell the server where the certificate is, what domain do you want to use it for, on what port, and perhaps a few other settings I'm missing.Once you do that, the browser and the server do the rest (encryption, decryption, verification) automatically.

Sounds easier than I expected. I would like to experiment with SSL but I understand a dedicated IP address is required and I don't think that my shared hosting offers that.

[boen_robot]

Certificates operate on domain basis. You are only required to have your own domain name.If your shared host offers SSL, it's probably best to use that. If not, you might want to consult with them about how to use the certificate when you buy it.If you were to be your own host for whatever reason, it's best you do what Viper114 did - play around with a self signed certificate until you get THAT working, so that you may then just swap the self signed certificate with your true one.