I have two servers, A and B. They both run on the same code base and run on Debian with apache2.
I need to securely & periodically check a REST response from serverA with serverB.
I have built a simple cURL script to connect to serverA from serverB with basic auth:
```php
<?php
$url = 'http://mydomain/restpath/get';
$ch = curl_init($url);

$username = 'username';
$password = 'password';

// Timeout in seconds
curl_setopt($ch, CURLOPT_TIMEOUT, 10);

// Include header in result? (0 = no, 1 = yes)
curl_setopt($ch, CURLOPT_HEADER, 0);

// Should cURL return or print out the data? (true = return, false = print)
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// Set the basic auth to any, then set the creds
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");

// Download the given URL, and return output
$output = curl_exec($ch);

// Get the status code (only available after curl_exec has run)
$status_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Close the cURL resource, and free system resources
curl_close($ch);
```
The credentials here will be passed in plaintext. To secure this, I intend to use an HTTPS connection.
## My knowledge on https certs is beginner ##
Is it safe to just use the default certs declared in the example SSL vhost conf supplied with Apache:

```apache
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
```
Or is there a little more that I would need to do?
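
An HTTPS version of the script above with certificate verification left on, as an added example that is not part of the original post. It assumes a copy of server A's certificate has been placed on server B and that the certificate's name matches the hostname in the URL; the hostname `servera.example`, the file path, the credentials and the function name `fetchFromServerA` are all placeholders.

```php
<?php
// Added example: hostname, certificate path and credentials are placeholders.
function fetchFromServerA(string $url, string $caFile, string $user, string $pass): array
{
    // Never send basic-auth credentials unless the scheme is HTTPS.
    if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
        throw new InvalidArgumentException('Refusing to send credentials over a non-HTTPS URL');
    }
    if (!is_readable($caFile)) {
        throw new RuntimeException("Trusted certificate file not readable: $caFile");
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // no fallback to plain HTTP
        CURLOPT_FOLLOWLOCATION => false,           // do not replay credentials to a redirect target
        CURLOPT_SSL_VERIFYPEER => true,            // certificate must chain to $caFile
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate name must match the URL host
        CURLOPT_CAINFO         => $caFile,         // trust only server A's certificate
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => "$user:$pass",
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // Verification failures land here; fail closed instead of retrying insecurely.
        $err = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("Request to server A failed: $err");
    }
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return ['status' => $status, 'body' => $body];
}

try {
    $r = fetchFromServerA('https://servera.example/restpath/get',
        '/etc/ssl/serverA/serverA-cert.pem', 'username', 'password');
    echo $r['status'], "\n";
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```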