Thanks Thanks for your reply - your explaination cleared up my misunderstanding. Now, would you or anybody else know why X-Cart is not detecting OpenSSL as an installed HTTPS module when I did install it on our webserver (I used a precompiled windows binary) and added the "bin" directory to the windows PATH system variable and verified that the "OPENSSL_CONF" system var was created and points to the "openssl.cnf" file in the "bin" directory? I can issue commands at a command prompt successfully: C:\Any Dir>openssl version OpenSSL 0.9.8d 28 Sept 2006 C:\Any Dir>openssl s_client -connect www.openssl.org:443 [I am connected] GET / HTTP/1.0<enter><enter> I get the home page source code returned. Seems to be working on the server end. Any ideas or other areas to investigate within PHP (OpenSSL support is enabled in php.ini) :) Thanks. Ken Vandegrift kvandegrift@xxxxxxxxxx Web Administrator Sharis Mgmt. Corp -----Original Message----- From: Frank M. Kromann [mailto:frank@xxxxxxxxxxxx] Sent: Wednesday, February 07, 2007 9:09 AM To: Vandegrift, Ken Cc: php-windows@xxxxxxxxxxxxx Subject: Re: SSL on Windows Server 2003 > Good Day To All, > > System Config: > Windows Server 2003 > PHP 5.2 > > I'm hoping someone can help give me a high level understanding between > the differences between an SSL certificate installed on my webserver and > an SSL module (e.g. OpenSSL) installed on my web server. > > 1. My current understanding is that the SSL certificate installed on > my webserver will encrypt data coming from and going to a client web > browser if the protocol is HTTPS. So, if on a checkout form at my web > store the url begins with https, then credit card info, etc. will be > encrypted and considered safe from sniffers, etc. Is this correct? Correct, or at least more safe than non encrypted connections. > > 2. I become fuzzy then for the need or proper use of an SSL module > (let's just go with OpenSSL). Specifically, my current webstore has > VeriSign's Payflow Pro API installed on the webserver, and I have > written a class that sends payment requests to VeriSign by using the > Payflow Pro as a COM object. However, this is very slow (taking 30 > seconds per transaction). Recently my company purchased X-Cart Shopping > cart software and I am trying to get this configured to use our > Payflow Pro account using XMLPay. However, I keep getting an error > that no SSL module could be located for secure transactions. So, why > do I need an SSL module if I am submitting transaction data to an HTTPS url? In this case php becomes the client and it needs to know how to encrypt data send to the gateway (the server) and how to decrypt the data comming back. This is where OpenSSL comes into play. If you can load the extension called php_openssl.dll, it requires libeay32.dll and ssleay32.dll you should be able to communicate with SSL encryptions. You might want to take a look at the cURL extension as well. It'll do all the encryption and decryption for you on each request. - Frank -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
