https & PHP 5

bobby · #1 07-20-2007, 02:10 PM

I am having an issue accessing my site through the secure server. I was wondering if someone could help me out. I can access my normal domain, but I access it through the secure server I get a "500 Internal Server Error". I am working with support. A couple of days ago, support did something that got it to work, but it broke my site because it looks like what they did was to remove
AddHandler application/x-httpd-php5 .php

from my .htaccess file. By removing this I could see my site on the secure server but since it goes back to PHP 4, my site dies since I use mysqli extensions.

Does anyone have any idea what I can do? Does the Secure servers have PHP 5? I can't a straight answer from support. It looks like there is always a different person in support contacting me.

Thanks,

Bobby

Sam · #2 07-20-2007, 02:32 PM

Are you using your own https certificate of the hostgator shared one?

As far as im aware you cant use a shared cert where you access it via the server hostname with php5

bobby · #3 07-20-2007, 02:33 PM

I am using a shared one, so I am accessing the sight using https://secure211.hostgator.com/~vinascon

Sam · #4 07-20-2007, 03:11 PM

Quote:

Originally Posted by bobby

I am using a shared one, so I am accessing the sight using https://secure211.hostgator.com/~vinascon

Ah.. thats why, you can only use php5 if you are accessing it via the domain name of your site.

bobby · #5 07-20-2007, 03:13 PM

Is this for security? That's mean I will have to change all of my msqli statements or pay the $175 (or whatever) to get https for my domain name.

Thanks for you response Sam.

Sam · #6 07-20-2007, 03:18 PM

Quote:

Originally Posted by bobby

Is this for security?

No its just the way the servers configured

Quote:

That mean I will have to change all of my msqli statements or pay the $175 (or whatever) to get https for my domain name.

You can get a cert for about $25 and hostgator can install it for $10 i think

slapshotw · #7 07-20-2007, 03:56 PM

Quote:

Originally Posted by _Sam_

You can get a cert for about $25 and hostgator can install it for $10 i think

Yeah..$14/year for the certificate from namecheap.com, plus $10 for HG to install, plus $2/month for the new IP.

gtgeorge · #8 07-20-2007, 05:35 PM

Or the $75 cert on a shared server includes everything!

slapshotw · #9 07-20-2007, 05:56 PM

Still more expensive though, the $75 is recurring fee also (and the $10 isn't).

zietbukuel · #10 01-10-2008, 11:28 AM

Use Cacert for your SSL certificate, they offer FREE certificates...

ghpk · #11 01-10-2008, 01:09 PM

Quote:

Originally Posted by zietbukuel

Use Cacert for your SSL certificate, they offer FREE certificates...

but you won't be able to install it without a dedicated IP which costs 2$/month.

skeetr · #12 01-10-2008, 01:25 PM

A resolution to the problem. Only took 5 months to do it. hehe

Kelmas · #13 01-10-2008, 04:01 PM

Not only HTTPS - HTTP will also give "500 errors" when PHP5 script is ran over userdir with "~". That is because of suPHP configuration. You have two options:

use PHP 4;
get a separate SSL certificate for the domain you want to access securely.

slapshotw · #14 01-10-2008, 05:47 PM

Quote:

Originally Posted by zietbukuel

Use Cacert for your SSL certificate, they offer FREE certificates...

I wouldn't use these on visitor-facing sites. Visitors using most browsers will get a security warning.

zietbukuel · #15 01-10-2008, 10:43 PM

Quote:

Originally Posted by slapshotw

I wouldn't use these on visitor-facing sites. Visitors using most browsers will get a security warning.

But they can just click OK...

slapshotw · #16 01-10-2008, 10:52 PM

Quote:

Originally Posted by zietbukuel

But they can just click OK...

On Internet Explorer 7, they have to click "continue" next to a big red X on this page:

http://www.bosanova.net/faq/images/ie7certerror.jpg

Visitor facing websites should never have a security pop-up if you want to make them feel comfortable your site is actually secure. Internal websites, sure, it doesn't matter.

vtrain · #17 01-11-2008, 08:05 AM

Quote:

Originally Posted by slapshotw

I wouldn't use these on visitor-facing sites. Visitors using most browsers will get a security warning.

Or use them but put an explanation in the non-https page to install the root certificates to CAcert. You can get the links for the root certificates for firefox and explorer here:
http://www.cacert.org/index.php?id=3

After installing the root certificates the browser no longer complains for CAcert certifications. There are several requests at bugzilla to have these certificates included with the browser. Maybe one day in the future...

Vtrain
P.S: maybe this FAQ for installing root CaCert root certificates also helps:
http://wiki.cacert.org/wiki/BrowserC...60e0b54d9e378b

slapshotw · #18 01-11-2008, 06:46 PM

You can do that...I would never do that on my important sites. It's only $14 for a cert without the popup.

Jordanlw · #19 01-11-2008, 09:27 PM

Well im still annoyed how you issue a SSL cert to www.example.com
But when you visit example.com you get the warning that the SSL cert is not issued to this site...

Im new to the SSL world,
If i purchase one SSL cert can that be placed over my whole site meaning no matter where you visit at https://www.example.com its secure?.

slapshotw · #20 01-11-2008, 10:06 PM

You can do that with a "wildcard" certificate but they are significantly more expensive.

vtrain · #21 01-11-2008, 10:23 PM

Quote:

Originally Posted by slapshotw

You can do that with a "wildcard" certificate but they are significantly more expensive.

not at CaCert :-P

Jordanlw · #22 01-11-2008, 10:39 PM

Quote:

Originally Posted by slapshotw

You can do that with a "wildcard" certificate but they are significantly more expensive.

So a normal cert only encrypts one URL?.

@VTrain..
You get what you pay for...
Id rather pay..

slapshotw · #23 01-12-2008, 12:21 AM

Quote:

Originally Posted by Jordanlw

So a normal cert only encrypts one URL?.

The regular certificate will *encrypt* the other URLs, but the certificate will be tied to the one domain/subdomain combo and give a pop-up warning if somebody tries to access it with a non-matching domain. If they say "yes" or "continue" on the pop-up however, they'll have a completely secure connection.

Quote:

You get what you pay for...
Id rather pay..

Agreed on both counts. For the $10-15 to get a certificate where the root is already trusted in popular browsers it's a no-brainer to me. Conversion rates would fall through the floor on all my client eCommerce sites if visitors got a big warning before putting in their credit card info. Far more than $15 would be lost.

zietbukuel · #24 11-16-2008, 02:09 PM

Quote:

Originally Posted by Jordanlw

Well im still annoyed how you issue a SSL cert to www.example.com
But when you visit example.com you get the warning that the SSL cert is not issued to this site...

Im new to the SSL world,
If i purchase one SSL cert can that be placed over my whole site meaning no matter where you visit at https://www.example.com its secure?.

Or you can Apache to redirect the user to www.example.com.