Posts tagged with ssl

SNI is becoming more and more popular, since you don’t need a dedicated IP address for every SSL certificate. I wouldn’t quite recommend it for your web store yet (it’s not supported by any version of Internet Explorer on Windows XP - though Google and Apple both found it easy enough to do on all versions), but if you’re just looking to secure your blog’s login form to prevent sending your password across the internet in plain text it’s great. Pair it with free SSL certificates from StartSSL and you’re good to go!

Continue reading →

I ran into what is apparently a pretty common issue with users running PHP as some sort of CGI with the Nginx webserver. If you’re trying to detect whether a user is using SSL you normally check to see if $_SERVER['HTTPS'] == 'on'. Well apparently this is more of an Apache-only convention than I thought… It won’t work under Nginx, your PHP script will never see an HTTPS server value and will always think the connection is unencrypted (in my case with the SSL Admin plugin for Wordpress, resulting in an infinite loop back to the SSL version of the page).

Continue reading →

I recently enabled LDAPS authentication for our Drupal site so users can log in with their Active Directory credentials. It wasn’t the most straightforward setup (both from a Drupal standpoint and a networking standpoint, since our website is hosted off-campus) so I wanted to write up documentation for internal reference purposes and a blog post about my LDAP hurdles as they relate to Drupal for anyone else running into the same problems.

Continue reading →