How to Enable SSL and PHP
Without proper security, the Internet wouldn't be as useful as it is. You need encryption to send information such as credit card numbers and sensitive personal data over the public lines of the global network. On the Web, the Secure Socket Layer (SSL) protocol provides that security. Since PHP is built for the Web, you need to know how PHP and SSL work together. There are a few ways they interact, depending on your needs.
Other People Are Reading
Instructions
-
Enabling Support for SSL Functions in PHP
-
1
Check if your PHP installation has SSL support enabled. Create and run a simple PHP script with the following contents:
<?php phpinfo(); ?>
Your script will display a long list of boxes containing information about your installation of PHP. Look for a box with the header "OpenSSL." If you find it, you have SSL support installed and may skip this section.
-
2
Download and install OpenSSL according to the instructions on the OpenSSL website. Some aspects of installation will differ depending on your server's operating system.
-
-
3
Reinstall PHP with SSL support. See PHP.net's OpenSSL Manual page for specific instructions. You can also find an example tutorial at the website "My Online Log."
After you've enabled SSL functions in PHP, you will be able to write scripts that interact with secure certificates, SSL encryption keys and other specific aspects of SSL.
Making Sure Your User's Connection Is Secure
-
4
Check if the user is accessing your server through a secure network port. When people connect to a server, they connect through numbered "ports." The port's number has meaning and can be used to help determine what the user needs. Normal Web pages are delivered via port "80." Secure Web pages are delivered through port "443."
Use the following as the first line of your block of code to check if the user is communicating on the secure port:
if ($_SERVER['SERVER_PORT'] != 443) {
-
5
Move the user to a secure connection if he/she is not on the secure port. Add the next two lines of code to do that:
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
-
6
Stop your script immediately if you had to redirect the user. You don't want to do anything else if the user is going to a different page. End your code block with these two lines:
exit();
}
With this code block at the head of your scripts, you can be assured that your user is accessing your Web page on a secure connection.
Making Sure Your Website Can Create a Secure Connection
-
7
Check if your website has a secure connection available. Go to a non-secure Web address that accesses one of your pages. For example, "http://www.example.com/page.php" is a non-secure Web address. Now add an "s" after the "http" portion so it looks similar to "https://www.example.com/page.php" and press "Return." If your page does not load, you don't have a secure connection for your website. If it does load, you do have a secure connection and may skip the following steps.
-
8
Ask your Web hosting company to install a "secure certificate" on your domain name. The domain name, in this case "example.org," must have its own secure certificate to accept SSL-secured connections. They will charge you a fee that may include their installation fee and will definitely include the fee for the company that issues and supports your SSL certificate. You usually buy a certificate that lasts some number of years and need to renew it when it expires.
-
9
Check that your certificate is properly installed by repeating Step 1.
-
1
Tips & Warnings
If you aren't able to make changes to your PHP installation, contact your Web hosting provider and ask them to enable SSL support for you. Alternatively, ask them about hosting plans that include support for SSL functions in PHP.
References
Resources
- Photo Credit man pondering about internet security image by patrimonio designs from Fotolia.com
