Hi
I want to start putting sensitive data on a client's Feng Office installation.
I decided to use SSL to protect the data stream.
This is what I did:
1. Moved the hosting account to a dedicated IP on my VPS
2. In WHM, generated and installed a self-signed certificate
3. Edited the 'ROOT_URL' variable in /config/config.php
Changed: define('ROOT_URL', '
http://domain.com');
To: Changed: define('ROOT_URL', '
https://domain.com');
4. Added a redirect in .htaccess to prevent "accidental" browsing to the unsecured url
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$
https://domain.com/$1 [R,L]
System appears to be working OK.
The first visit triggers security warning due to the self-signed nature of the SSL certificate, but the site is only used internally, so this won't be an issue.
Does anyone have any comments on this approach?
Anyone else done the same?
If no-one posts any issues, and I don't find any, we can add this to the Wiki.
I'll post a confirmation that everything is working in a few days.
--Update--
It appears that the cron job for mail and notification processing stops working.
I changed the cron entry using details on the wiki to:
include - -no-check-certificate
change http:// to https://
Regards
Brendon