What is SSL?

[ABo YaSSeR 4 EvER]

 

Hi,

 

How can I use SSL in with PHP ?

 

Why It's important to use SSL? and When ?

 

What is SSL Certifications?

 

 

??? ??? ???

[fert]

do you know what google is?

[448191]

Or wikipedia?

[fenway]

 

Hi,

 

How can I use SSL in with PHP ?

 

Why It's important to use SSL? and When ?

 

What is SSL Certifications?

 

 

??? ??? ???

 

All excellent questions... sorry you've been getting the cold shoulder.  I don't know specifically what interactions with PHP are relevant, but simply put, it's a secure (read; encrypted) way to send information to and from the browser.

[Daniel0]

It is important to use when you are transferring sensitive information (such as credit card information). An SSL certificate is a certificate proving who you are (I think). You can sign a certificate yourself so generally certificates are only trusted if they are from a well established signer (as VeriSign).

[448191]

I still think the wikipedia page is a good read. In addition you may want to read on certificate authorities too.

 

Wikipedia is your friend. 

[fenway]

I still think the wikipedia page is a good read.

True, but it's just more information... no answers.

[Ninjakreborn]

This is what I know about SSL, only the information I have picked up while working.

 

SSL = Secure Socket Layers.

There are 2 things involved in an SSL system

1. An SSL certificate - which is a keycode on the server given by a specific place.

2. An SSL Key - what combines with teh certificate to "activate" it. 

 

The purpose of an SSL certificate is to prove you are worth something, and trustworty.  If a trustworthy company gives you a certificate, that means you are more likely to be trustworthy.  That is what an SSL certificate and key are.

 

As far as SSL itself it's an extra part of the url.

If you visit

http://www.godaddy.com you are on there original page

If you visit

https://www.godaddy.com you are on there encrypted page.

There is a difference, when it has http then the data is requested from the server, the server go through it's processes and serve's the page.  WHen it's SSL which is https it does the same thing, except right before it sends it to the browser, it run's it through a program that encrypt's the information during transit, this increases security on a high scale.  It's not flawless, but it's better than non-encrypted.  However it also adds more overhead to the server so you have to remember to only use it when you need it (when sending sensitive information, or something similar).  It's not even really worth using it (in my opinion) for password.  More of for things like social security numbers, driver's liscence number's, credit card number's, or other sensitive or important information. 

 

PHP programming in SSL

it's the same thing.  Everything is programmed exactly the same, except if you are doing full url's in your links or references you have to include https instead of http to keep them on the secure connection.

I hear with CURL (not 100% sure) you can setup your own SSL using PHP/Curl without having to have an ssl connection (https).  That I am not 100% sure of, but everything else in relation to PHP programming on an encrypted (https) website is the same as a standard website seeing that the https doesn't actually "change" anything, it just encrypts the data during transit on a very high level, far more than what you could do with natural programming (I would assume).

[448191]

True, but it's just more information... no answers.

 

I guess you're right about that. I always think it's best people deduct their own answers, based on objective information.

 

However, at the risk of tainting an innocent soul with biased and possibly partly incorrectly generalized information:

 

How can I use SSL in with PHP ?

 

You need an SSL library such as OpenSSL and you need to configure your server software. You'll also need to buy a certificate from a CA such as VeriSign. Then that server can make encrypted transfers and the identity of your server will be reconized by clients as 'verified'.

 

So you see, PHP doesn't have much do with it directly. Most of it is taken care of on the server level, not application level.

 

Why It's important to use SSL? and When ?

 

To avoid traffic interception and forgery. So basicly to boost security of transfers and provide authentication of the server to it's clients.

 

What is SSL Certifications?

 

Well, I don't think I can put it any better than this bit from wikipedia:

 

A CA will issue a public key certificate which states that the CA attests that the public key contained in the certificate belongs to the person' date=' organization, server, or other entity noted in the certificate. [u']A CA's obligation in such schemes is to verify an applicant's credentials, so that users (relying parties) can trust the information in the CA's certificates.[/u] The usual idea is that if the user trusts the CA and can verify the CA's signature, then they can also verify that a certain public key does indeed belong to whomever is identified in the certificate.

[steelmanronald06]

Everything you just said 448191 was found on wikipedia.

[448191]

I know. 

[fenway]

Sometimes it's important to distill out the important parts, even though it may be obvious to the more experienced among us.

[ABo YaSSeR 4 EvER]

Thank u alot. everyone

 

 

as I understood, some informations such as Credit Card number may be Known by somebody? right?

 

Who is this (somebody) ?

 

 

I mean how can a (somebody) see this information, I expect he must be ISP? or not ?

 

However, Assuming that I Used SSL from (VeriSign), on my server. How can I use it? just use https:// insted of http:// ???

 

or I have to use OpenSSL PHP Functions ???

 

 

 

Is there any body using SSL in his website? to tell me How ??

[steelmanronald06]

Technically, were not here to tell you HOW to do something.  We are here to tell you what you are doing WRONG.  So if you went to, say OpenSSL or some other resource and started using SSL but ran into a bump, we would help you get over that bump. But for us to tell you how something is done when you haven't made an VISIBLE attempt to figure it out yourself borders on breaking forum rules of, "Don't ask us to do the work for you." 

 

Now, if you have attempted to learn it on your own, and there is something you don't understand, like how a person gets your credit card information, then that is a plausible answer.  The answer to that is malicious hackers (notice I say malicious because not all hackers are bad) have an enormous amount of time on their hands in which they use to find out means to get secure information.

 

As to how using SSL on your server, have you attempted to read up on it?  Have you deducted your own answers/hypothesis on how to do it?  Try and find some answers yourself. If you are unsure that your answer are correct, post back with your findings and we will help guide you from there. 

 

Not doing this to be mean, or rude, but people tend to learn things better, remember them longer, and apply them more if they find the answers themselves.  As I said, we will guide you, but you have to tell us what you have came up with and let us point you in the right direction. We can't drive you from New York to Florida, but we can point the way to get there.

[ABo YaSSeR 4 EvER]

 

can't drive you from New York to Florida, but we can point the way to get there.

 

That is all I need.

 

I need u to give me book or article or so on that speak about SSL.

 

I'm developing website, it has CC Payment. so I want to know if I should use SSL, And I got the answer from u.

 

Now How to use it, I dont need CODEs or Scipts, Just I want u to put me on the way to expert SSL.

 

Sorry because I disscussed this article here.

 

My reply was:

--------------

 

When I see SSL Plans in GoDaddy.com, I had some ???

 

see (Compare Certificates), ....

 

 

I wnat to protect my website, it uses CC and sensetive informations.

 

 

so WHO AM I? (Turbo SSL, High-Assurance, Extended Validation) ???????????

 

and why godaddy cheaper than the others like (VeriSign, ....)

 

 

[neylitalo]

Using an SSL certificate is something that happens in Apache, not in PHP - so you'll have to ask your host to set one up for you. You may also be able to give them an existing certificate (for example, one from VeriSign), and they'll install it for you. And once you've gotten it installed, the only steps necessary to use it is to use https://www.example.com instead of http://www.example.com.

 

If you ask your host to set up a SSL certificate for you, or find a button to push to buy one, then you'll be all set - but know that it will cost money. The reason verisign is more expensive is that they are a globally known security provider, and browsers will automatically trust them. GoDaddy's certificates may not be as widely trusted as one from VeriSign, but you should know that they are just as secure. They provide the SAME amount of security, and the only difference is that their certificates won't be signed by a big company like VeriSign. I suggest that you use your host's provided SSL services, for the simple reasons that it'll be cheaper and easier for you.

 

 

[steelmanronald06]

http://www.apachelounge.com/forum/viewtopic.php?t=1259

http://www.franz.com/support/tutorials/ssl-tutorial.htm

http://www.eventhelix.com/RealtimeMantra/Networking/SSL.pdf

http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security6.html

http://www.openssl.org/

http://www.ibm.com/developerworks/linux/library/l-openssl.html

http://www.mobilefish.com/developer/openssl/openssl.html

 

Those should help. I just GOOGLED ssl tutorial and openssl tutorial and got all those and more