I have two servers, A and B. They both run on the same code base and run on debian with apache2.
I need to securely & periodically check a REST response from serverA with serverB.
I have built a simple cURL script to connect to serverA from serverB with basic auth:
<?php
$url = 'http://mydomain/restpath/get';
$ch = curl_init($url);
$username = 'username';
$password = 'password';
// Timeout in seconds
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
// Include header in result? (0 = yes, 1 = no)
curl_setopt($ch, CURLOPT_HEADER, 0 );
// Should cURL return or print out the data? (true = return, false = print)
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
//set the basic auth to any then set the creds
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); //get status code
// Download the given URL, and return output
$output = curl_exec($ch);
// Close the cURL resource, and free system resources
curl_close($ch);
The credentials here will be passed in plaintext.. to secure I intend to use a HTTPS connection.
## My knowledge on https certs is beginner ##
is it safe to just use the defualt certs declared in the example ssl vhost conf supplied with apache:
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Or is there a little more that I would need to do?
Thanks, John
In writing the question and realised what the correct question should have been, and has already been answered here: