Create an SSL Login for Your Website
Do you have a website, but wish you had a secure SSL-based login for it? Fear not, the answer is here!
Contents
Steps
- Receive an SSL certificate. You can purchase one from a trusted company such as VeriSign, or generate your own with OpenSSL.
- Apply the SSL certificate to your web server. If using Apache, you will need to enable the mod_ssl extension, and provide the location of the certificate. If using IIS, you will need to follow the wizards.
- Confirm port 443 is open in any firewalls.
- Verify that SSL is properly configured. Test to make sure that you can access https://localhost/ from the web server. If so, SSL is properly configured.
- Create a login page in your favorite server-side programming language.
Tips
- When working with Apache, you will need to restart the service after changing httpd.conf before your changes will take effect.
- You can develop a login in your favorite language to use hard-coded credentials, database-stored credentials (plain-text, hashed, or encrypted), or even Active Directory credentials.
Warnings
- If you use a self-signed certificate, or a certificate signed by your internal CA, external users will be prompted to trust your certificate. Internet Explorer 7 highly suggests this is a bad thing to the end user.
- Make sure your communications are encrypted all-around. Communications from the web server to the domain controller may be unencrypted. Use a packet-sniffer to help make sure your credentials are really secure.
Related Articles
- Select a Paying Webhost
- Learn CSS Code