How to use ssl with php? [closed]

1

I'm going to buy an SSL certificate for my site; however, I still do not quite understand how it works. Is the only thing I have to do to make the site "safe" to add "https" in the URLs, or do I have to change anything in the PHP?

Thanks for the help.

    
asked by anonymous 23.02.2017 / 15:26

1 answer

1

In Apache, just add (create a new VirtualHost):

SSLEngine on
SSLCertificateFile /caminho/para/seu_site_certificado.crt
SSLCertificateKeyFile /caminho/para/sua_chave_privada.key
SSLCertificateChainFile /caminho/para/seu_certificado_intermediario.crt

Usually this file is in /etc/httpd/ (in the case of CentOS, for example) or /etc/apache2/ (in the case of Ubuntu, for example).

Explaining each resource:

  • SSLCertificateFile: Defines the path of your certificate (usually named meusite_com_br.crt, or similar).

  • SSLCertificateKeyFile: Defines the path of the private key (usually named with the .key extension; this is the one you generate, using openssl for example, to get the .csr).

  • SSLCertificateChainFile: Sets the path to the CA bundle (usually named comodo.crt in the case of only the intermediate, or seusite_com_br.ca-bundle for the root and the intermediate).

You should also accept connections on port 443 instead of 80, for example:

<VirtualHost 111.111.111.111:443>

If you use :80 it will not work. Be sure to open port 443 on the firewall, if for some reason you have all ports closed.

At the end it will look something like this:

<VirtualHost 192.168.0.1:80>
   DocumentRoot /local/do/html
   ServerName exemplo.com
</VirtualHost>

<VirtualHost 192.168.0.1:443>
   DocumentRoot /local/do/html
   ServerName exemplo.com
   SSLEngine on
   SSLCertificateFile /crt/exemplo_com.crt
   SSLCertificateKeyFile /crt/exemplo_com.key
   SSLCertificateChainFile /crt/exemplo_com.ca-bundle

   SSLOptions +StrictRequire
   SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
   SSLCompression off
</VirtualHost>

The SSLOptions +StrictRequire, SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 and SSLCompression off lines are optional; however, I recommend using them. The first one will prohibit connecting if it is not connected using HTTPS, in summary. The second will disable SSL and enable TLS, TLS 1.1 and TLS 1.2; SSLv2 is vulnerable and SSLv3 has POODLE, so both are turned off by -all. SSLCompression off is there to avoid the CRIME attack.

In PHP no changes are required except renaming the links from http:// to https://, if need be. You can also create a redirection from http:// to https://, so that all connections become SSL/TLS.

    
27.02.2017 / 13:03
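The redirection from http:// to https:// mentioned at the end of the answer, written out as an added example (not part of the original answer). It reuses the answer's address, host name and certificate paths; the Redirect line and the narrower SSLProtocol line are this example's own choices, and it assumes mod_alias and mod_ssl are loaded and that every client can negotiate TLS 1.2 or later.

```apache
# Added example: the port-80 host serves no content of its own.
# It only sends every request to the HTTPS site.
<VirtualHost 192.168.0.1:80>
   ServerName exemplo.com

   # mod_alias: 301 redirect; the rest of the requested path is
   # appended, so http://exemplo.com/a/b.php goes to
   # https://exemplo.com/a/b.php
   Redirect permanent / https://exemplo.com/
</VirtualHost>

<VirtualHost 192.168.0.1:443>
   DocumentRoot /local/do/html
   ServerName exemplo.com

   SSLEngine on
   SSLCertificateFile /crt/exemplo_com.crt
   SSLCertificateKeyFile /crt/exemplo_com.key
   SSLCertificateChainFile /crt/exemplo_com.ca-bundle

   # Assumption: no client needs TLS 1.0 or 1.1 (both were formally
   # deprecated by RFC 8996 in 2021), so only TLS 1.2 and whatever
   # newer version this Apache/OpenSSL build offers stay enabled.
   SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

   # Same purpose as in the answer: no TLS-level compression (CRIME).
   SSLCompression off
</VirtualHost>
```

After reloading, `apachectl configtest` should report a valid syntax, and `curl -sI http://exemplo.com/` should return a 301 status with a `Location: https://exemplo.com/` header.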