Mobile app version of vmapp.org
Login or Join
Smith883

: Extra configuration needed after installing SSL certificate? We recently developed two rather simple PHP applications for AXA (European bank). URL's are axa.tfo.be/incentives/cipres and axa.tfo.be/incentives/zrkk

@Smith883

Posted in: #Https #Php #Security #SecurityCertificate

We recently developed two rather simple PHP applications for AXA (European bank). URL's are axa.tfo.be/incentives/cipres and axa.tfo.be/incentives/zrkk (access to both sites is restricted to visitors with cookies with encrypted passwords)
On a previous security audit by an external company several security issues have been found. All these issues have been solved by a colleague PHP developer.
However, one last requirement has been added - all data should be transferred over HTTPS.
My PHP colleague is on holiday, however - and unavailable at the moment. So I contacted my host, and asked for installing SSL certificate. I myself have no knowledge or experience with SSL. I'm a bit at loss for the following problems.
Comodo SSL certificate + unique IP address has been installed today by my webhost for subdomain axa.tfo.be (by combell.be). However, it doesn't seem to be working. I posted a question about this earlier today, and was told not to worry, see link: serverfault.com/questions/339320/what-happens-if-you-install-an-ssl-certificate Current problems:


the web applications aren't accessible over HTTPS, HTTP works though (if a valid cookie is available)
there's a static HTML page at axa.tfo.be/incentives/cipres/static.html, even that page is only accessible over HTTP

My webhost is telling me that 'my application probably doesn't support SSL', and has asked me to set an SSL variable to true in my PHP code.


So my questions:


I have basic knowledge of PHP, but don't know where to start regarding the 'PHP SSL variable'. The sites have been online for some time, and have been developed for regular PHP access. (Google didn't bring me any help, either.)
Can anyone point me in the right direction, or give me some clues about whether/what I should ask my webhost for further assistance?
(I'm a bit on a tight schedule, the sites will be audited again on Monday, and it's a customer i wouldn't want to lose...)

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Smith883

1 Comments

Sorted by latest first Latest Oldest Best

 

@Rambettina238

I'm not aware of any PHP SSL variable either. The closest thing I can think of is in frameworks such as symfony, if you tell it that you are using SSL then all the absolute links it generates will start with .
In any case, it's clear to me that this is not the problem. You didn't say exactly what "not accessible" meant (it could be a timeout, connection reset, HTTP forbidden response, an SSL error, etc.) but what I got when I visited the site was a 404.

So the first thing you should ask your host is "Do the SSL and non-SSL vhosts have the same DocumentRoot?"

My suspicion is that they will respond that they do not. It's probably best for you if they do.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme