extra configuration needed after installing SSL certificate?

Posted by ptriek on Pro Webmasters See other posts from Pro Webmasters or by ptriek
Published on 2011-12-09T23:21:29Z Indexed on 2012/06/02 10:51 UTC
Read the original article Hit count: 405

Filed under:
|
|
|
  • We recently developed two rather simple PHP applications for AXA (European bank). URL's are axa.tfo.be/incentives/cipres and axa.tfo.be/incentives/zrkk (access to both sites is restricted to visitors with cookies with encrypted passwords)

  • On a previous security audit by an external company several security issues have been found. All these issues have been solved by a collleague PHP developer.

  • However, one last requirement has been added - all data should be transfered over https.

  • My php collegue is on holiday, however - and unavailable at the moment. So I contacted my host, and asked for installing SSL certificate. I myself have no knowledge/experience with SSL, so I'm a bit at loss for the following problems.

  • Comodo SSL certificate + unique IP address has been installed today by my webhost for subdomain axa.tfo.be (by www.combell.be).

  • However, it doesn't seem to be working. I posted a question about this earlier today, and was told not to worry, see link: http://serverfault.com/questions/339320/what-happens-if-you-install-an-ssl-certificate

  • Current problems:

  • My webhost is telling me that 'my application probably doesn't support SSL', and has asked me to set an SSL variable to true in my php code.

So my questions:

  • I have basic knowledge of php, but don't know where to start regarding the 'php ssl variable'. The sites have been online for some time, and have been developed for regular php access. (Google didn't bring me any help, either.)
  • Can anyone point me in the right direction, or give me some clues about whether/what I should ask my webhost for further assistance?
  • (I'm a bit on a tight schedule, the sites will be audited again on monday, and it's a customer i wouldn't want to loose...)

Thanks for looking into this, and sorry if my questions sound a bit nooby - I'm a webdesigner, not a server specialist...

© Pro Webmasters or respective owner

Related posts about php

Related posts about security