I'm about to develop a new website and will require an EV SSL certificate when the site is pushed to the production server. My question is: during development I won't have an EV SSL certificate (although I could have a self-signed cert if needed). If I develop my PHP site without an SSL cert and then push it to my production server, is it likely to work, or are there going to be a ton of issues surrounding this?
Also, if I do develop locally with a self-signed SSL cert and then push to the production server where it will have the EV SSL, is that likely to cause any issues?
I just thought I'd clarify these few points before diving in and getting carried away. Are there any industry standards or best practices on how one should develop a site locally that will end up with an SSL certificate?
Note: I'm going to be using the Laravel framework if that makes any difference to answering this question.
Normally you shouldn't have any problems switching from an HTTP to an HTTPS server. Using a self-signed certificate for development is surely a good idea, though.
There are two major points that can go wrong:
If you are using Laravel 3, you can find a key in application/config/application.php for 'ssl'. If you set this to false (preferably in your dev or equivalent config), then when you generate a URL to a secure route with any of the URL helper methods (URL::to_secure, etc.), Laravel will automatically convert those links to http in that environment.
I do not know of a config option for this in L4, but what you could do is define your own config variable for it and use that in your helpers: URL::to('foo', null, null, Config::get('app.ssl',true)). This way, you can set 'ssl' to false in your config to use it just like L3.
EDIT: I just caught Taylor in IRC, and his explanation for the omission of the SSL config in L4 is that he recommends actually setting up SSL on your development environment as you had suggested. For development purposes, a self-signed cert should be fine.