Help PHP application over SSL

I am building a database-driven PHP application.
Part of that app needs to run over SSL for gathering private data.

Now, when someone purchases a certificate, the domain name is
hard-coded on the certificate, right?

If so, how can I run part of the application in regular mode (http) and
the rest in secure mode (https)?

The domain name on the certificate will be something like -

But some of the pages will be secure and some not.

Is it possible to have something like this?
Will the certificate work ok?

And should I refer to the secure pages using absolute referencing
( )

Thanks for any help.

Re: Help PHP application over SSL

Correct.  A typical secure site really has *TWO* virtual sites, one
secure, one not secure (with the same domain name, e.g. and ).  The not secure
part has the product descriptions and such in it (typically).  The
secure part has the order form, etc.  on it.  Depending on how much
personal data the site handles, you may want most of it secure.
Your typical secure site has AT MINIMUM an un-secure entry page
which redirects or links to the secure entry page.  Nobody is going
to remember to type the "https:" part in.  So that unsecure part
brags about the security and links to the secure page, or just
not just the response after they log in.  That way, the login info
is encrypted.

Make sure you do NOT use insecure images on secure pages.  Browsers
get upset about that.  Otherwise, you treat it as two virtual sites
with different domains, cross-referencing each other.  Limit links
to insecure pages from the secure pages, or label them with hints
like "exit secure site".  Whether you use the secure or insecure
site depends on the http: vs. https: part.

Fine.  You can have a secure and insecure site with the same domain
name.  They may or may not have the same document root.  Treat them
the same way you would two different domains on separate virtual sites.

You can refer to secure pages from other secure pages of the same
domain with relative referencing.  From an insecure page, it's like
you are referencing a whole different site (which it is), so you
need the absolute referencing.

                    Gordon L. Burditt

Re: Help PHP application over SSL

PHP doesn't know anything about the transport other than what the httpd  
tells PHP about it. So it makes no difference at all.

With a little RewriteEngine magic it's possible to create a relative URL
for the client which will be redirected to either http or https (it's an
example in Apache's rewrite documentation).
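
Added example, not part of any post in this thread: a PHP guard for the secure pages that relies only on what the web server reports in `$_SERVER`, builds the absolute https URL discussed above, and keeps the session cookie off the http: site. The host name `www.example.com` and all function names are placeholders chosen for this example; the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. CANONICAL_HOST is a placeholder:
// set it to the name on the certificate instead of trusting the Host header.
const CANONICAL_HOST = 'www.example.com';

/** True when the web server reported that this request arrived over TLS. */
function request_is_https(array $server): bool
{
    // Apache sets HTTPS=on; some servers set it to "off" for plain HTTP.
    $flag = strtolower((string)($server['HTTPS'] ?? ''));
    return $flag !== '' && $flag !== 'off';
}

/** Absolute URL for a path on the secure or the insecure virtual site. */
function absolute_url(string $path, bool $secure): string
{
    $path = '/' . ltrim($path, '/');
    return ($secure ? 'https://' : 'http://') . CANONICAL_HOST . $path;
}

/** Call at the top of every page that collects or shows private data. */
function require_https(array $server): void
{
    if (request_is_https($server)) {
        return;
    }
    // Redirect before any output, so the form itself loads over https
    // and the data submitted from it is encrypted in transit.
    $target = absolute_url($server['REQUEST_URI'] ?? '/', true);
    header('Location: ' . $target, true, 301);
    exit;
}

/** Start a session whose cookie is never sent to the http: site. */
function start_secure_session(): void
{
    session_set_cookie_params([
        'secure'   => true,  // cookie only travels over https
        'httponly' => true,  // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Usage on a secure page such as an order form:
require_https($_SERVER);
start_secure_session();
```

If TLS is terminated on a proxy in front of the web server, `$_SERVER['HTTPS']` will not be set and the check has to use whatever that proxy is configured to pass along.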
