[RESOLVED] Check if Domain has (HTTPS - SSL) capability

Pigmaster

Good Day to you all.

I have read many pages and posts about HTTPS but I can not see an answer to my question that is bugging me as I write some code.

Domain name is www.mydomain.com and setup for normal operation on (HTTP - Port 80)

Example Code: code.php

if(isset($_SERVER['HTTPS'])) {
    echo "HTTPS is available<br>";
} else {
	echo "HTTPS is NOT available<br>";
}

Now when I run http://www.mydomain.com/code.php I get "HTTPS is NOT available" but if I run as https://www.mydomain.com/code.php I get "HTTPS is available"

So how can you check in php if the domain has an SSL cert and is capable of running on HTTPS - Port 443 when you are running the code just under HTTP - Port 80.

Bjom

$_SERVER['HTTPS']

this does not tell you about availability of https, but rather whether the connection is currently using https.

You cannot tell from looking at a http request whether or not there is a cert available. You need to contact your host.

Pigmaster

Bjom;10926633 wrote:
You cannot tell from looking at a http request whether or not there is a cert available. You need to contact your host.

I am writing some code that will run on a server over HTTP but if there is an SSL cert available and the server is capable of running HTTPS then to redirect to the HTTPS connection.

Currently the user has to set a variable manually in the code to run over SSL whereas I am looking to see if PHP can do this automatically and programmatically via some hidden server variable or whatnot

Bjom

will run on a server over HTTP

it runs on the server. when you place it there it is known whether or not you have https support there.

the user ...

user? you mean the person installing your script? If they are capable of placing the script there, then you are certainly not asking too much when they have to set one flag to enable https redirect.

Another (elegant) approach would be to let the server redirect. On Apache: mod rewrite

Pigmaster

Bjom;10926709 wrote:
it runs on the server. when you place it there it is known whether or not you have https support there.

user? you mean the person installing your script? If they are capable of placing the script there, then you are certainly not asking too much when they have to set one flag to enable https redirect.

Another (elegant) approach would be to let the server redirect. On Apache: mod rewrite

The user(s) in this instance are not capable and can not be relied on to do things correctly (they miss steps in the installation, lie because they don't want to look stupid and ignore warnings) that is why I am looking to do it within PHP, from your comments it appears that it not available but I will look into mod-rewrite.

bradgrafelman

One way you could verify that SSL is available is by attempting to open a connection on the SSL port using [man]fsockopen/man or even using [man]file_get_contents/man to try and retrieve the index page via HTTPS.

Otherwise, you could try to do something like the following (for Apache):

<IfModule ssl_module>
    RewriteEngine On
    RewriteCond &#37;{HTTPS} !on
    RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R,L]
</IfModule>

Pigmaster

Thank you bradgrafelman, that is great advice. I will try it out now. 🙂

Pigmaster

If anybody would like to see in the future, here is the code I am using to detect if the domain has SSL

<?php
$SSL_Check = @fsockopen("ssl://www.domain.com/", 443, $errno, $errstr, 30);
if (!$SSL_Check) {
    echo "SSL Not Available";
} else {
    echo "SSL Available";
    fclose($SSL_Check);
}?>

If www.domain.com has SSL the code works, if not then as fsockopen throws an error you can suppress it with the @ and the reply comes back as SSL Not Available

mblack0508

Pigmaster;10926629 wrote:
Good Day to you all.

I have read many pages and posts about HTTPS but I can not see an answer to my question that is bugging me as I write some code.

Domain name is www.mydomain.com and setup for normal operation on (HTTP - Port 80)

Example Code: code.php
if(isset($_SERVER['HTTPS'])) {
    echo "HTTPS is available<br>";
} else {
	echo "HTTPS is NOT available<br>";
}
Now when I run http://www.mydomain.com/code.php I get "HTTPS is NOT available" but if I run as https://www.mydomain.com/code.php I get "HTTPS is available"

So how can you check in php if the domain has an SSL cert and is capable of running on HTTPS - Port 443 when you are running the code just under HTTP - Port 80.

Well if for one thing you check to see if its doing SSL, that proves it has a cert. Now the cert can be just a self signed cert. You dont want to hard code ports etiher, while 443 is the standard ssl port but any port can technically be used as SSL as long as the configuration for it and also the browser "https://" is used.