Hi! I am trying to setup an e-Commerce site that allow realtime creditcard verification using SSL. I am using Apache web server running on SuSE Linux 6.1 with MySQL dbase. My problem is:

1) How to set up the actual service? Do I need a permenant leasedline to the local creditcard verification body or a normal dialup will do?

2) What function do I need to activate in Apache?

3) Do I need any extra software to do the processing?

4) Who can provide the SSL certificate & licensing for my aplication?

You help is greatly appreciated.

I too would like to know how to do this.

I do know that SSL must be enabled in Apache via a plug-in. There are credit card verification scripts out there, but they just check to see if the number fits a pattern, not if the card is valid.

I guess you have to have some account set up with a credit card company and run a script off their site?

Apache does not support SSL. You can get Stronghold, which is basically just like apache with SSL capability:
www.c2.net (http://www.c2.net)

It's not free however. During the Stronghold install, it will automatically send the cert request out for you, or point you to the page. The two primary sites for certificates are:
Thawte, and Verisign.
www.thawte.com (http://www.thawte.com)
www.verisign.com (http://www.verisign.com)

Apache does so support SSL, via a plug-in program:
http://www.faure.de/Apache+SSL+PHP+fp-howto-1p.html

2.3 Adding SSL
cd /usr/src/SSL-0.8.0; ./Configure linux-elf; make; make rehash This will create libraries needed by apache. You may issue make test to verify the compilation. You have to apply a patch to apache. It is important that you apply it before the frontpage patch, otherwise frontpage will not work. cd to /usr/src/apache_1.2.6/src and issue patch < /usr/src/apache_1.2.6/SSLpatch. Set SSL_BASE=/usr/src/SSLeay-0.8.0 in Configuration. Make sure that Module proxy_module is disabled otherwise Apache won't compile. If you are in need of a proxy, go for Squid squid.nlanr.net

Now make certificate to generate SSLconf/conf/httpsd.pem.

Why bother to pay for a server with SSL when Apache can provide it for free via a plug-in?

Good catch. I was not aware that. My superiors here at X ISP just bought Stronghold and force fed it to me. Sorry for the misguidance. http://discussions.linuxplanet.com//smile.gif