SSL certificate for FMSA8/PHP/Apache

[iMarcW]

I am in the process of converting our online registration system from CDML to FX.PHP and I'm ready to set up an SSL connection on some pages so that users entering their credit card information get the lock showing in their browsers. I'm using FMSA8 on the same computer as the Web Publishing Engine and the Web server.

Is there any more to it than simply installing an SSL certificate under Apache and directing users to https:// addresses? Do I need to turn on secure connections in FileMaker Server Admin if I'm going to serve secure PHP pages in Apache that link to FileMaker, or doesn't it matter?

[Steven H. Blackwell]

Turn it on. That way, if you have a web server certificate, you'll have an encrypted circuit all the way from user's browser through the cloud to the web server. Then the connection from the database server to the to the WPE will also be encrypted. That leaves the connection between the WPE and the web server that is not encrypted, You've addressed that by putting both on the same machine.

HTH

Steven

[iMarcW]

I'm back, having successfully installed the certificate. It was unbelievably hard to find a document that would help install an Apache SSL certificate in OS X Tiger, and the ones I did find were geared toward using self-signing certificates. In the end, this document was the one that proved the most useful:

http://developer.apple.com/internet/serverside/modssl.html

I just have one concern: when I started Apache from the command line after updating the config file, I was asked for the passphrase for the key file, which I provided, and everything was fine. But the document is geared toward self-signed certs and advises how to remove the passphrase requirement, as long as the server is for testing purposes and not to be used in a production environment. Otherwise...

As things stand, when you start Apache, you will be prompted for a passphrase to read the private key. While this is fine for those who start and stop Apache manually from the command line every time, it does create some problems for those of us who have Apache (a.k.a. Web Sharing) start up automatically every time the system reboots. The system will hang on startup, patiently waiting for a passphrase that will never come — because there’s no way to enter the passphrase you’ve given the key! You’ll have to either boot into Mac OS 9 or boot into verbose mode to clear this problem if you forget.

I'm going to have to restart at some point, so is there any other way around this? I'm on regular OS X, not OS X Server. Perhaps unchecking Web Sharing in System Preferences and starting Apache manually from Terminal after startup is the way to go, but I figured there must be some way to make this automatic.

[iMarcW]

To update this topic, the computer isn't halted in its tracks on restart like the document warned, but it does fail to enable https, so you have to go to Terminal and restart Apache and provide the passphrase. I have Personal Web Sharing unchecked in Sharing preferences anyway, since I have to restart it either way. Fortunately, the server is stable and has UPS backup, so there have been few unplanned restarts.

Edited June 16, 2008 by Guest