ssl question

can we just enable ssl on a website without asking for user name and password
AXISHKAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bradley BishopAssociate Product DeveloperCommented:
Do you mean to enable the port or have the website accept a username and password? Need a bit more information.

You can simply bind the website to the https port 443 and not require ssl and then you get both port 80 and 443
0
AXISHKAuthor Commented:
I need to setup my website such that user should access it through https:.
0
Bradley BishopAssociate Product DeveloperCommented:
ok so you need to bind it to the https protocol or port 443

1. Select your site
2. Under the action pane, under Edit Site select Bindings
3. Click Add
4. Under Type select https and port should be 443.
5. The ipaddress or host name should be the same and the http that is already there.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

grahamnonweilerCommented:
In order to serve a website under SSL (HTTPS:) there are a number of steps, all of which are mandatory:

1) Firstly you will need to obtain an SSL Certificate, if your website will be used by the general public then this must be issued by a genuine issuing authority (GoDaddy, Comodo, VeriSign etc.) while if the website is only going to be accessed inside your company/organisation you could get away with a "self signed" certificate. For information on how to obtain an SSL Certificate search on Google for "SSL Certificates".

2) Once you have your certificate, you need to copy the Certificate, Private Key for that Certificate and any "chain certificates" on to your server, in a location that is accessible by Apache (you have said earlier you are running Apache).

3) With the certificates in place on your server, you must then edit and modify the HTTPD.CONF file for Apache, placing the required instructions for Apache to begin listening for SSL connections, log file formats, what type of cipher and SSL connections your server will accept, and where it can find the certificates for the given HOST. This particular topic is covered by a number of tutorials that you can find on the web - in Google search for "How to Set up and Enable SSL in Apache"

4) When you have correctly edited your HTTPD.CONF file you will be able to restart Apache and then access your website using HTTPS. However, if within the HTML of your website there are any literal calls to "HTTP", such as in images, JavaScript or Iframes, then these will need to be changed to accommodate HTTPS or else your website will not be rendered by most browsers in a secure mode.

As you can see from the above, there is more to enabling SSL under Apache than simply binding it to port 443 (which will not enable SSL or a secure connection).

Please feel free to come back with any additional questions you have.
0
AXISHKAuthor Commented:
After that, user only need to type https://mywebsite.com, no password will be prompted, correct ?

Tks
0
grahamnonweilerCommented:
Absolutely correct, HTTPS (secure connections) are different from "HTTP with Basic Authentication".

In the first case HTTPS means that the data exchanged between the browser and website are encrypted and thus secure.

In the second case, a visitor is not able to view the website until they have entered a username and password, but the data is not encrypted and thus not "secure".
0
AXISHKAuthor Commented:
Do you mean when accessing https, the user will always be asked for the password ?

Is it possible to just encrypt the content by accessing https://xxxxx.com but no password is asked ?

Tks
0
grahamnonweilerCommented:
I think you are confusing HTTPS (a secure connection) and User Authentication (username & password controlled access).

Two entirely different things here.

Asking for a username and password before granting access to a website is a form of  "access control" - no data is encrypted.

With HTTPS anyone can access the website - but the data (meaning the website content) is encrypted when delivered to, and collect from, the visitor.

So to answer your question, no username and no password will be required to access the website over HTTPS unless you also add access control to.
0
AXISHKAuthor Commented:
Can i say it is no point to use https if not user password is asked ? Under what sitituation should the whole website be encrypted without any user name and password ?

Tks
0
grahamnonweilerCommented:
What are you trying to achieve?

Do you want to only allow specific people to access your website?

OR

Do you want to deliver your website using HTTPS - for instance because you want to take online payments?
0
AXISHKAuthor Commented:
Just want to enable access with https as requested by boss. tks
0
grahamnonweilerCommented:
Then follow the steps I originally described.

No passwords and no usernames will be required.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:
Tks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.