Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Other SSL Certificates

  • This topic is empty.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #26898

    Hello.

    I’m building a PHP application in which you submit a job application and it is then encrypted (sha1) and saved to a MySQL database.

    Now I obviously want it to be on a secure server because of the sensitive information they are submitting. Now from my knowledge you need to have an unique IP address (provided from host) and a SSL Certificate.

    Now for my two questions:

    1. There will be a folder on the site for the secure side on the server (https://)… so is it true any form submitted from this location will be automatically encrypted? Or do I need to change any form settings? Also is there a program to "capture" information that is being processed over the internet to check that the information is indeed being encrypted as it’s being submitted?

    2. Who would you recommend I obtain my SSL Certificate from? I’m looking for a reliable source but not too expensive.

    Thank you.

    #66972
    AshtonSanders
    Participant
    "itschadwhitaker" wrote:
    1. There will be a folder on the site for the secure side on the server (https://)… so is it true any form submitted from this location will be automatically encrypted? Or do I need to change any form settings? Also is there a program to "capture" information that is being processed over the internet to check that the information is indeed being encrypted as it’s being submitted?

    Installing a cert on your server doesn’t automatically make it secure. You’ll need to make a php statement or something that redirects to the secure version of the page, if they accidentally land on the http page.

    Make sure that all your links to that page and for the form submission either 1) are relative links or 2) are absolute links with https.

    "itschadwhitaker" wrote:
    2. Who would you recommend I obtain my SSL Certificate from? I’m looking for a reliable source but not too expensive.

    It’s probably easiest to get the SSL from your host. I’ve gotten certs from Godaddy in the past without any real problems.

    #66974
    "AshtonSanders" wrote:
    Installing a cert on your server doesn’t automatically make it secure. You’ll need to make a php statement or something that redirects to the secure version of the page, if they accidentally land on the http page.

    Make sure that all your links to that page and for the form submission either 1) are relative links or 2) are absolute links with https.

    So just to clarify if the form is on https://www.mywebsite.com/jobs/apply.php and they submitted the form to https://www.mywebsite.com/jobs/submit.php everything will be encrypted as it is being submitted over the internet? I don’t need to change anything in the <form> tags, correct?

    Thanks.

    #66977
    AshtonSanders
    Participant

    Correct. That will be secure.

    #66981

    Thanks AshtonSanders.

    Just out of curiosity is there a program to "intercept" submitted form data to test and make sure the data is indeed encrypted?

    #66984
    AshtonSanders
    Participant

    Hmmm. I have no idea.

    Anyone know of a way to test a Secure Connection?

    #66987
    Matt
    Member

    If it didn’t work, you’d get an error message. If the server did not provide you with a public key, or the CA denies the identity, your browser will alert you. You’d also get errors from the server if the public key-encrypted content was undecipherable to the server. When in HTTPS/SSL, the client will always encrypt the contents of the return message with the public key. If the server can’t decipher it, then it doesn’t have the correct private key. Also, Firefox, for instance, will only show the green bar if the server offers encryption of 128 or 256 bits. If the bar doesn’t show, encryption isn’t working. If the bar does show, your SSL certificate is working fine.

    #67184
    Chris Coyier
    Keymaster

    For the record, the few I’ve bought and installed I used http://sslmatic.com/

    I was using a (dv) from Media Temple, so I was using Plesk to deal with the server. I just followed the Media Temple instructions for doing it. It’s quite the process, but if you just walk through it all step by step it’s not too bad.

Viewing 8 posts - 1 through 8 (of 8 total)
  • The forum ‘Other’ is closed to new topics and replies.