The question about SSL

[Alex108]

I have never worked with SSL certificates before, so i wanted to ask some questions about SSL.There is a website, let's call it A that gives a particular paid service to a group of websites (group . When a registered user from any of websites B wants to use A he have to send to A some information includes user name and password. To owner of a B group convenient to use the same usernames and passwords for all these services. The one who can take possession of these data will be able to use sites A and B as well which is unacceptable. The question is: is the SSL could be a good solution for this situation? And do we can use the same usernames and passwords for A and B or it is better to use different usernames and passwords anyway? And is it correct that the owner of these websites needs to buy a SSL certificate for website A only.

[justsomeguy]

Those are two different issues. SSL encrypts traffic, it doesn't deal with usernames or passwords in any way. A site served over SSL has its traffic encrypted so that other people trying to spy on the traffic can't read the data. A normal SSL certificate will only secure a single domain, such as www.google.com but not google.com. A wildcard certificate can secure any subdomain, like *.google.com. I'm not aware of certificates which let you secure multiple domains, usually individual certificates are required.

[Alex108]

Those are two different issues. SSL encrypts traffic, it doesn't deal with usernames or passwords in any way. A site served over SSL has its traffic encrypted so that other people trying to spy on the traffic can't read the data. A normal SSL certificate will only secure a single domain, such as www.google.com but not google.com. A wildcard certificate can secure any subdomain, like *.google.com. I'm not aware of certificates which let you secure multiple domains, usually individual certificates are required.

All these websites have different domain names. Does it mean that SSL encrypts data which is coming from A to sites B only or it is also encrypts data that is coming from group B to A?

[justsomeguy]

It only encrypts traffic between the user's browser and whatever site they are viewing, as long as that site has a certificate installed and they access it over HTTPS.

[Alex108]

It only encrypts traffic between the user's browser and whatever site they are viewing, as long as that site has a certificate installed and they access it over HTTPS.

But if i understand you correctly it is a positive answer. Different users can have encrypted traffic with one site using HTTPS. I mentioned passwords only to show why encryption is important.

[justsomeguy]

That's correct, when you install the certificate for the domain, you can have as many people as you want access the domain over HTTPS to have their traffic encrypted.

[Alex108]

Thank you!Now, for example i have a website http://www.IhaveSSL.com with SSL certificate and i want to sent data to this site. Without SSL i can just create a form <form action="http://www.IhaveSSL.com/read_message.php" method="post"> etc.But if now it works with SSL how it affects a code? There must first be a secure connection established.

[Greywacke]

as far as i am aware, what you need to do is emulate a client form submittal to the domain - then send it via ssl to the domain you mentioned. that would mean that domain would have to have the ssl certificate installed correctly.

[Alex108]

Does it mean that i'll use the same form, but with https instead of http in URL:<form action="https://www.IhaveSSL.com/read_message.php" method="post">?

[justsomeguy]

If all you're doing is submitting a form, then yeah you just need to change the scheme to https.

[Alex108]

If all you're doing is submitting a form, then yeah you just need to change the scheme to https.

Thank you very much!