westend Posted December 1, 2004 Share Posted December 1, 2004 Does anyone know how to add SSL encryption to the admin seciton? Link to comment Share on other sites More sharing options...
Guest Posted December 1, 2004 Share Posted December 1, 2004 Does anyone know how to add SSL encryption to the admin seciton? <{POST_SNAPBACK}> Yes thanks. :-) If you are using Apache then I suggest to wander off to the www.apache.org - all the information you need is there. You will probably find www.openssl.org useful too. If you are not using Apache then I have no idea. If you are using Apache on MS Windows then as far as I know, ssl is still not suported (the apache developers say that MS Windows is so full of security holes anyway that the effort of implementing ssl is into apache is just not worth the trouble) but this may have changed by now. Otherwise, you will need to set up a server SSL certificate, a client certificate, and get the server and the client talking to each other. Nail down your htdocs direcory so that you can't use some non-ssl means of accessing the admin bits, and there you go ! Other than setting the appropriate value in OSC (in configuration.php I think) to tell it to use a secure connection, this is really ouside the scope of OSC - it's a web server configuration issue and (of course) depends on what web server you are using and your specific setup. Having said that, this issue comes up all the time so searching these forums will probably help you too. But you will no doubt know this already because you will have already searched the forum extensively before posting, eh ? :-) Rich. Link to comment Share on other sites More sharing options...
♥Vger Posted December 1, 2004 Share Posted December 1, 2004 Basically - if your web hosting company provides a shared ssl as part of your package - use that as a starting point. If you want a full ssl cert then (depending upon whether your hosting company allows you to install your own ssl cert) you need to generate a CSR via your web hosting control panel (Certificate Signing Request) and use this when you buy your SSL cert, then: 'Import' it into your hosting control panel, then ask your hosting company to reboot the httpd files to complete the install. Vger Link to comment Share on other sites More sharing options...
westend Posted December 1, 2004 Author Share Posted December 1, 2004 Yes thanks. :-) If you are using Apache then I suggest to wander off to the www.apache.org - all the information you need is there. You will probably find www.openssl.org useful too. If you are not using Apache then I have no idea. If you are using Apache on MS Windows then as far as I know, ssl is still not suported (the apache developers say that MS Windows is so full of security holes anyway that the effort of implementing ssl is into apache is just not worth the trouble) but this may have changed by now. Otherwise, you will need to set up a server SSL certificate, a client certificate, and get the server and the client talking to each other. Nail down your htdocs direcory so that you can't use some non-ssl means of accessing the admin bits, and there you go ! Other than setting the appropriate value in OSC (in configuration.php I think) to tell it to use a secure connection, this is really ouside the scope of OSC - it's a web server configuration issue and (of course) depends on what web server you are using and your specific setup. Having said that, this issue comes up all the time so searching these forums will probably help you too. But you will no doubt know this already because you will have already searched the forum extensively before posting, eh ? :-) Rich. <{POST_SNAPBACK}> Hi Rich, Thank you for your very verbose reply. My site is running on a Linux box and I don't know what kind of web server is running. I'll try to get more information from my host. Having said that, It all sounds very complicated. I'll search the forum for more info before I post again. Thank you very much, Al Link to comment Share on other sites More sharing options...
ozcsys Posted December 1, 2004 Share Posted December 1, 2004 Does anyone know how to add SSL encryption to the admin seciton? <{POST_SNAPBACK}> In your admin/includes/configure.php change your HTTP define to your secure path define('HTTP_SERVER', https:// your secure path.com The Knowledge Base is a wonderful thing. Do you have a problem? Have you checked out Common Problems? There are many very useful osC Contributions Are you having trouble with a installed contribution? Have you checked out the support thread found Here BACKUP BACKUP BACKUP!!! You did backup, right?? Link to comment Share on other sites More sharing options...
♥Vger Posted December 1, 2004 Share Posted December 1, 2004 Yes, but you have to actually HAVE a shared or full ssl before you do that. That comes later. Vger In your admin/includes/configure.php change your HTTP define to your secure path define('HTTP_SERVER', https:// your secure path.com <{POST_SNAPBACK}> Link to comment Share on other sites More sharing options...
Ronnie K Posted December 1, 2004 Share Posted December 1, 2004 is this how to prevent other users from accessing your admin page? Link to comment Share on other sites More sharing options...
Guest Posted December 1, 2004 Share Posted December 1, 2004 My site is running on a Linux box and I don't know what kind of web server is running. <{POST_SNAPBACK}> It will almost certainly be Apache. I'd be amazed if it was anything else to be honest. And yes, many many people (myself included) have had problems getting ssl working correctly on Apache. Not that there is anything wrong with how it works it's just that all the various bits must be EXACTLY correct for it to work. It doesn't help that the error logs you get when things don't work can be _very_ obscure indeed. The biggest tips I can give you are : * Read all the info that is available - www.apache.org has all the docs online and covers this issue extensively * Make notes as you go along. Then next time it won't be anywhere near as difficult * Keep telling yourself "this DOES work !" (even when you begin to think that it definitely does NOT work !) * Use google ! * Use the mail archives (**INVALUABLE**) such as http://marc.theaimsgroup.com and if you have a problem you can't find an answer for, look at other OS' - ie - don't just stick with (say) the Linux archives - your problem may (probably will !) be posted on some other archive somewhere. Rich. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.