Question : Can anybody give me an overview of using SSL in my login page?

I want to create a homepage that users can log into.
I heard that SSL is the minimum security standard for the task.
I only have a vague idea of certificates and the only thing I know is that I need a CA to sign a certificate for me.

Can anybody give me an overview of setting up an HTTPS log in page?

An answer like this is most appreciated:
1) Sign up for web hosting
2) Sign up for a certificate
3) Set up the certificate in your OS
4) Configure your web server such and such...
5) Your html should look like this...

Additional specific questions:
- Does the log in page need to be https?
- Does the target page need to be https?
- Is SSL just a matter of configuration or is it explicitly used in the html form?

Thank you very much.

Answer : Can anybody give me an overview of using SSL in my login page?

If you have a hosting provider such as GoDaddy, 9 times out of ten, they will install the certificate for you. All you have to do after you pay for it is receive it and attach it to your website (it's all explained when you buy one). It may take up to 72 hours to complete.

So, short answer:

1. Sign up for hosting
2. Buy SSL certificate
3. Attach SSL to website
4. Wait for hosting to complete.

Once you have your certificate installed, you simply need to change the protocol to HTTPS when logging in or passing sensitive information.  There is no reason to remain on HTTPS all the time after login.

Long Answer:

Basically, if you're using a <FORM> you need to use HTTPS in your ACTION.  If you're using AJAX, you'll need to use HTTPS in your URL that you are submitting to, and any time you pass sensitive info in either case, submit to HTTPS.  This includes when you must display sensitive info to the user.

Deciding how to switch back and forth can be sort of complicated and a large grey area.  What I like to do is use a redirect any time I am passing sensitive info, except the actual login, which I make sure to send as HTTPS to start with.

SSL is server side and has nothing whatsoever to do with your code.  It allows your browser to negotiate a secure, encrypted connection using a secret "handshake".  Other than making sure your links and form submission ACTIONs go to HTTPS at the proper time, there's nothing else to change.

***IMPORTANT: It doesn't sound like you have too much experience with web site programming.  If this is the case, you'll need to know that having a login isn't as simple as an SSL certificate and HTTPS protocol.  You have to have a server-side script that parses the username and a database that stores the usernames and passwords.  You also have to learn how to use Cookies and Session Variables.

So, the next step would be to decide which server side language suits you best (I like PHP, personally, because it's free, open-source, and there are plenty of people to help) and learn to program sessions.  The alternative is to go with a framework like cakePHP, but that requires some advanced web knowledge.

Finally, you can also skip ALL of this after the certificate step and go with a CMS (content management software). You can turn out whole websites in less than a day with some of them like Joomla or even WordPress (WordPress isn't just for blogs anymore).

All in all, it depends on what you want the final product to be.
<form method="POST" action="https://www.yoursite.com/login.php" name="SecureLoginForm">
    <input name="username" id="username" type="text" size="25" />
    <br />&nbsp;<br />
    <input name="password" id="password" type="password" size="25" />
    <br />&nbsp;<br />
    <input name="submit" id="submit" type="submit" value="SUBMIT" />
</form>
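
An added example, not part of the original answer: a minimal server-side login.php that the form above could post to, in PHP since the answer suggests it. It refuses credentials sent over plain HTTP, marks the session cookie Secure and HttpOnly, and verifies a password hash; SITE_HOST reuses the form's placeholder host, and demo_users() with its account is a constructed stand-in for a database lookup.

```php
<?php
// Added example: SITE_HOST is the placeholder host from the form above.
const SITE_HOST = 'www.yoursite.com';

// Constructed demo store; a real site reads stored hashes from its database.
function demo_users(): array
{
    return ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
}

function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

function check_login(array $users, string $user, string $pass): bool
{
    // Only hashes are stored and compared, never plaintext passwords.
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

if (PHP_SAPI !== 'cli') {
    if (!is_https($_SERVER)) {
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            // The credentials already crossed the network in clear text: refuse.
            http_response_code(403);
            exit('Login must be submitted over HTTPS.');
        }
        // Fixed host, not the Host header, so the redirect target cannot be spoofed.
        header('Location: https://' . SITE_HOST . '/login.php', true, 301);
        exit;
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('POST the login form to this URL.');
    }
    // Secure: cookie sent only over HTTPS. HttpOnly: not readable from scripts.
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    if (check_login(demo_users(), $user, $pass)) {
        session_regenerate_id(true); // fresh session id after login
        $_SESSION['user'] = $user;
        echo 'Logged in.';
    } else {
        http_response_code(401);
        echo 'Invalid username or password.';
    }
}
```

Because the session cookie carries the Secure flag, the browser sends it only on HTTPS requests, so every page that relies on the logged-in session has to be served over HTTPS as well.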