How to use ssl with php?

Viewed 2,051 times

1

I'm going to buy an SSL certificate for my website; however, I still don't quite understand how it works. Is the only thing I have to do to make the site "safe" to add "https" to the URLs, or do I have to change something in the PHP code?

I appreciate the help.

  • In PHP no, in Apache/NGINX yes: you need to import the private and public key to the server, in a safe place not accessible to the public, then indicate the ssl_certificate and ssl_certificate_key. I am not answering your question because you did not specify which server you are using (Apache, NGINX...) nor whether you have access to such settings.

  • @Inkeliz I use Apache and have access to the settings.

  • 1

    You also did not specify the OS you are using. The environment and form change depending on the OS.

1 answer

1

In Apache, just add (create a new VirtualHost):

SSLEngine on
SSLCertificateFile /caminho/para/seu_site_certificado.crt
SSLCertificateKeyFile /caminho/para/sua_chave_privada.key
SSLCertificateChainFile /caminho/para/seu_certificado_intermediario.crt

Usually this file is in /etc/httpd/ (in the case of CentOS, for example) or /etc/apache2/ (in the case of Ubuntu, for example).

Explaining each resource:

  • SSLCertificateFile: Sets the path to your certificate (usually named meusite_com_br.crt, or similar).

  • SSLCertificateKeyFile: Sets the path to the private key (usually named with the extension .key; this is the file you generate, using openssl for example, to obtain the .csr).

  • SSLCertificateChainFile: Sets the path to the CA bundle (usually named comodo.crt when it contains only the intermediate, or seusite_com_br.ca-bundle when it contains the root and the intermediate).


In addition, you must accept connections on port 443 instead of 80, for example:

<VirtualHost 111.111.111.111:443>

If you use :80 it won't work. Don't forget to open port 443 in the firewall, in case for some reason you have closed all ports.


In the end you’ll have something like this:

<VirtualHost 192.168.0.1:80>
   DocumentRoot /local/do/html
   ServerName exemplo.com
</VirtualHost>

<VirtualHost 192.168.0.1:443>
   DocumentRoot /local/do/html
   ServerName exemplo.com
   SSLEngine on
   SSLCertificateFile /crt/exemplo_com.crt
   SSLCertificateKeyFile /crt/exemplo_com.key
   SSLCertificateChainFile /crt/exemplo_com.ca-bundle

   SSLOptions +StrictRequire
   SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
   SSLCompression off
</VirtualHost>

The SSLOptions +StrictRequire, SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 and SSLCompression off lines are optional, but I recommend using them. The first, in short, will prohibit connecting if not connected using HTTPS. The second will disable SSL and enable TLS, TLS 1.1 and TLS 1.2; SSLv2 is vulnerable and SSLv3 has the POODLE bug, so they're both shut down by -all. SSLCompression off is there to avoid the CRIME attack.


In PHP no change is required, except changing the links from http:// to https://, if need be. In addition, you can create a redirect from http:// to https://, so that all connections go over SSL/TLS.

  • Thank you so much for the help @Inkeliz
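The HTTP-to-HTTPS redirect mentioned at the end of the answer, together with a protocol line limited to TLS 1.2 and newer, as an added example that is not part of the original answer. It reuses the answer's placeholder address, paths and ServerName, and assumes Apache 2.4 with mod_ssl, mod_alias and mod_headers loaded; the HSTS header is an addition the answer does not mention.

```apache
# Added example, not the answerer's configuration.
# Assumptions: Apache 2.4, mod_ssl + mod_alias + mod_headers enabled.
# Address, ServerName and file paths are the answer's placeholder values.

# Port 80 serves no content of its own: every request is sent to HTTPS,
# so no page, form or cookie is ever exchanged in clear text.
<VirtualHost 192.168.0.1:80>
   ServerName exemplo.com
   Redirect permanent / https://exemplo.com/
</VirtualHost>

<VirtualHost 192.168.0.1:443>
   DocumentRoot /local/do/html
   ServerName exemplo.com

   SSLEngine on
   SSLCertificateFile /crt/exemplo_com.crt
   SSLCertificateKeyFile /crt/exemplo_com.key
   # Obsolete since Apache 2.4.8 (the intermediates can be appended to
   # SSLCertificateFile instead), but still accepted.
   SSLCertificateChainFile /crt/exemplo_com.ca-bundle

   # TLS 1.0 and TLS 1.1 were formally deprecated by RFC 8996, so only
   # TLS 1.2 and newer are left enabled here. "all" also picks up
   # TLS 1.3 when the installed OpenSSL supports it.
   SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
   SSLCompression off

   # HSTS: once a browser has seen this header over HTTPS it refuses
   # plain HTTP for this host for one year, which covers visitors who
   # type the address without "https://".
   Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

Running `apachectl configtest` before reloading catches syntax errors and missing modules in this file.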
