How to use ssl with php? [closed]

Question

How to use ssl with php? [closed]

Navigation

#1 by (1 votes)

1

I'm going to buy an SSL certification for my site, however, I still do not quite understand how it works. The only thing I have to do to make the site "safe" is to add "https" in URLs , or do I have to change anything in the php p>

Thanks for the help.

php ssl

asked by anonymous 23.02.2017 / 15:26

1 answer



                    
        

         
                            @QueryParam - Date Type
                                        Popular a select generated by javascript

score 1 · Answer 1

In Apache, just add (create a new VirtualHost ):

SSLEngine on
SSLCertificateFile /caminho/para/seu_site_certificado.crt
SSLCertificateKeyFile /caminho/para/sua_chave_privada.key
SSLCertificateChainFile /caminho/para/seu_certificado_intermediario.crt

Usually this file is in /etc/httpd/ (in the case of CentOS, for example) or /etc/apache2/ (in the case of Ubuntu, for example).

Explaining each resource:

SSLCertificateFile : Defines the path of your certificate (usually named as meusite_com_br.crt , or similar).
SSLCertificateKeyFile : Defines the path of the private key (usually named with the .key extension, but this is what you generate using openssl for example, to get .csr ). / p>
SSLCertificateChainFile : Sets the path to the CA-Bundle (usually named as comodo.crt in case of only the intermediate or seusite_com_br.ca-bundle root and the intermediate ).



 You should also accept a connection on the    443     port instead of    80    , for example: 

<VirtualHost 111.111.111.111:443>


 If you use    :80     will not work, be sure to open the    443     port on the firewall, if for some reason turn off  all ports . 


 At the end it will look something like this: 

<VirtualHost 192.168.0.1:80>
   DocumentRoot /local/do/html
   ServerName exemplo.com
</VirtualHost>

<VirtualHost 192.168.0.1:443>
   DocumentRoot /local/do/html
   ServerName exemplo.com
   SSLEngine on
   SSLCertificateFile /crt/exemplo_com.crt
   SSLCertificateKeyFile /crt/exemplo_com.key
   SSLCertificateChainFile /crt/exemplo_com.ca-bundle

   SSLOptions +StrictRequire
   SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
   SSLCompression off
</VirtualHost>


 The    SSLOptions +StrictRequire    ,    SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2     and    SSLCompression off     are optional, however I recommend using. The first one will prohibit connecting if it is not connected using HTTPS, in summary. The second will disable    SSL     and will enable    TLS    ,    TLS 1.1     and    TLS 1.2    ,    SSLv2     is vulnerable and    SSLv3     has the  POODLE , so both are turned off by    -all    .     SSLCompression off     is to avoid the problem of  CRIME attack . 


 In PHP no changes are required except rename the links from    http://     to    https://    , if need be. You can also create a redirection from    http://     to    https://    , so that all connections become SSL / TLS.