http://www.perlmonks.org?node_id=449418

Andre_br has asked for the wisdom of the Perl Monks concerning the following question:

Hello fellow monks,

I´ve been looking all the web for clear information on how to implement SSL in Perl and, as I really couldn´t find the answers, I come to ask for thy wisdom.

I have all my scripts working already, and want to implement SSL for the login page. Without SSL, as it is now, I smoothly (and insecurely) get usename and password from our great friend CGI.pm. But haven´t any clue of what to do when we´re talking about the SSL scheme.

Can you guys give me some directions? I know there are some modules to be installed for this to work, but I don´t know for sure which are they and how (and where) to adapt my code.

Thanks a lot

André

Replies are listed 'Best First'.
Re: SSL Implementation under Perl
by etcshadow (Priest) on Apr 19, 2005 at 20:49 UTC
    SSL is implemented at the transport layer. Since it sounds like you're talking about a web server (you mention CGI.pm), this means that it is part of the web server. In fact, it's sort of it's own sub-protocol: http-over-ssl, commonly called https (generally runs on a different port: 443 instead of 80).

    Now, I can only guess that you're using Apache as your web server (possibly with mod_perl), since you don't give any further info. If that's the case, you want to look into an apache module called mod_ssl... this is an extension to apache to implement https. You'll need to change your httpd.conf file as well, and, as mentioned above, purchase an SSL certificate.

    In short, it's not a perl issue, at all. It's something you've got to configure into your web server. 

    ------------
:Wq
Not an editor command: Wq

    [download]
[reply]
[d/l]
      I´m using my host's shared certificate, wich is ok. I only thought that it would be necessary also changes in the scripts because I´m receiving error messages when I try to execute my scripts using the secure path. Bit, as you have said there´s nothing on Perl about it, I presume they have the cgi execution misconfigured - have asked them to look it up then. Thanks a lot folks!
[reply]

        Check your path to the script. I am doing this also and have to use something like this for the form tag action:

        https://secure.server.net/~userid/cgi-bin/myscript.pl
[reply]
[d/l]
Re: SSL Implementation under Perl
by goober99 (Scribe) on Apr 19, 2005 at 20:37 UTC
    First, you need to purchase a SSL certificate from a reputable company like Thawte or Go Daddy. Then install that certificate on your server. You should be able to find instructions in the documentation for your server on how to install the certificate and require it to be used when someone visits your website. And that's it. You shouldn't have to make any changes to your Perl scripts.
[reply]

Back to Seekers of Perl Wisdom