0

I'm really a newbie in website programming. I'm learning php and I would like to make my own website (hosted from my own computer). So I installed apache on my linux computer and I got it to work. People can access this site by entering my global ip.

Now I would like to add some user dependent content. I want my friends to be able to register, log in and add some information. I know how to make a php login form, how to secure my passwords in my mysql database, I learned about safe use of sessions, ...

The only problem I have left is the connection between client and server. I'm not going to ask my friends credit card numbers or much other personal information except for a username, password, email (and maybe telephone number). To keep their information secure, I'm told that SSL is the way to go.

So SSL? Is this really necessary? Any good tutorials on setting up SSL on apache (btw my internet provider prohibits me to use a port below 1023, maybe that's important)? Where should I get a SLL certificate? Can it be a free one?

Another question: do I need a domain name to set up SSL? I was planning on giving my friends my global ip so that they can access immediately by entering that ip.

Once again, I'm not planning to make a commercial website, just a website so that me and my friends can easily communicate.

Michiel Van Couwenberghe
  • 543
  • 1
  • 4
  • 6

2 Answers2

1

Yeah SSL is pretty much your only option. No, working on a different port won't give you any trouble until you specify it when typing the url in your browser (i.e. "https://example.net:4245".

All the info you asked could've been found by googling "APACHE SSL LINUX" or "APACHE SSL UBUNTU" (or whatever distro you're using).

ref: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

ref: http://www.thegeekstuff.com/2011/03/install-apache2-ssl/

Luca B.
  • 638
  • 4
  • 13
  • Getting help on setting up ssl wasn't my main problem. Ofcourse I can find those tutorials by googling. You refered me to a site to set up a self-signed certificate. Is that the way to go? Should I let my users just ignore the warning message? And I don't need a domain name? – Michiel Van Couwenberghe Aug 22 '14 at 09:59
1

Where should I get a SLL certificate? Can it be a free one?

It sure can be free one, either self-generated or obtained from a free service however the last time I checked, most of the popular browsers don't recognize free certificates as trusted and so a warning screen.

Another question: do I need a domain name to set up SSL?

Yes and no - SSL will work and the data will be encrypted, but if the domain name from certificate does not match name the domain from the address of the website users will be prompted similarly to the way as if you had self-signed certificate. So if you don't mind the warning, you do not need domain name.

Kamil Król
  • 11
  • 2
  • So, if I enter my ip as domain in the certificate and let users enter my ip to connect to my website, still a warning will appear? – Michiel Van Couwenberghe Aug 22 '14 at 11:09
  • I have never tried that myself, but according to this [thread](http://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name) it should be possible though not recommended – Kamil Król Aug 22 '14 at 11:41