2011-12-09

We recently developed two rather simple PHP applications for AXA (European bank). The URLs are axa.tfo.be/incentives/cipres and axa.tfo.be/incentives/zrkk (access to both sites is restricted to visitors with cookies with encrypted passwords).

In a previous security audit by an external company, several security issues were found. All these issues have been solved by a colleague, a PHP developer.

However, one last requirement has been added - all data should be transferred over https.

My PHP colleague is on holiday, however - and unavailable at the moment. So I contacted my host, and asked them to install an SSL certificate. I myself have no knowledge/experience with SSL, so I'm a bit at a loss for the following problems.

A Comodo SSL certificate + unique IP address has been installed today by my webhost for subdomain axa.tfo.be (by www.combell.be).

However, it doesn't seem to be working. I posted a question about this earlier today, and was told not to worry, see link: http://serverfault.com/questions/339320/what-happens-if-you-install-an-ssl-certificate

Current problems:

the web applications aren't accessible over https, http works though (if a valid cookie is available)

there's a static html page at http://axa.tfo.be/incentives/cipres/static.html, even that page is only accessible over http

My webhost is telling me that 'my application probably doesn't support SSL', and has asked me to set an SSL variable to true in my PHP code.

So my questions:

I have basic knowledge of PHP, but don't know where to start regarding the 'php ssl variable'. The sites have been online for some time, and have been developed for regular PHP access. (Google didn't bring me any help, either.)

Can anyone point me in the right direction, or give me some clues about whether/what I should ask my webhost for further assistance?

(I'm on a bit of a tight schedule, the sites will be audited again on Monday, and it's a customer I wouldn't want to lose...)

Thanks for looking into this, and sorry if my questions sound a bit nooby - I'm a web designer, not a server specialist...
