What's the difference between http and https for API?

N

NetyNicka2014-12-19 12:53:39

API

NetyNicka, 2014-12-19 12:53:39

Engaged in API maintenance (between servers) on one of the projects. Now projects are moving to https (CA Certificate, different domains).
So the question arose, should anything be changed? Doesn't it need to add sending certificates or something else?

Example of a request between servers:

$ch = curl_init();
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $requestBody);
        $responseBody = curl_exec($ch);
        curl_close ($ch);
        $response = json_decode($responseBody);

Or just replace http with https, and there should be no problems? Where can there be pitfalls?
It's just that earlier it worked with https only on third-party services, and there was no difference between http and https requests.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Sergey Lerg, 2014-12-19
@NetyNicka

It should work right away, if your SSL certificate is not real, but self-signed, then you also need to disable certificate verification:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)

P

Pavel Elizariev, 2014-12-19
@effetto

Problemma can arise with a chain of certificates. If the certificates are in order, then the system software will provide HTTPS support. In particular, make sure that the CA certificate is installed correctly on all servers. If the browser tends to tell the user when a site doesn't comply with SSL requirements, then the server will most likely simply reject the connection. Faced such a problem when setting up servers of the windows family.