FREE | Lessons: 9 | Length: 50 minutes


2.3 HTTP vs. HTTPS

In this lesson we’ll look at how and when we should be using a secure connection. I’ll also show you a few options for generating and installing a certificate.


So now that we've got our Laravel installation pretty much good to go, we need to talk about HTTPS and what Stripe expects from us. The question is: if you use Stripe, do you still need to obtain a certificate and serve your application with SSL/TLS encryption? In short, yes, very much so. Not only is it important when communicating confidential details, but customers tend to be wary of websites that do not use secure connections. Even for a simple log-in or sign-up form, an encrypted connection is always a huge bonus and gives customers confidence and peace of mind.

So how exactly do you go about obtaining a certificate? Well, there are a couple of ways. During development you might like to simply use a self-signed certificate. This sort of certificate should never be used in production, but when testing your application it's perfect, as they're free to obtain. For production you'll need to get a certificate that has been signed and verified by a certificate authority. This will cost you money; however, you should keep a very close eye on Let's Encrypt. At the time of the recording of this course, Let's Encrypt has entered a public beta. Let's Encrypt is a free and open certificate authority that anyone can use to generate a signed and verified certificate. The certificates issued by Let's Encrypt do only have a 90-day lifespan, so they will need to be renewed more frequently than a certificate that you pay for, but the Let's Encrypt command line tool lets you easily install and renew certificates. It's a real godsend.

Because we're not doing anything production-worthy, and because we don't have a fully qualified domain name, we're just going to be using a self-signed certificate. If you're using Homestead, and you've saved your application like I did in the earlier lesson, then a self-signed certificate has already been generated for you. In fact, all we need to do is use https with 44300 as the port number. Chrome will present us with a warning informing us the certificate is not signed by a certificate authority. You can simply ignore the warning and continue as per usual, since this is only for development purposes.

If you used another method to serve your application, then you'll need to look up instructions on how to create a self-signed certificate. All you really need is OpenSSL. Of course, this is all entirely optional, as we don't actually need a certificate to use Stripe when testing. However, it is nice to have one, as it makes the transition from development to production just that little bit easier.

In the next lesson, we're going to be getting some data ready so that we can begin using Stripe to process some payments. To do this we'll be setting up some migrations and database seeds.
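For readers not using Homestead, here is one way to create a self-signed development certificate with OpenSSL and to check that a certificate is self-signed before it goes anywhere near production. This is an added example, not part of the lesson; the file names `dev.key` and `dev.crt`, the hostname `localhost`, and the 30-day lifetime are assumptions.

```shell
# Added example (not from the lesson). Assumed names: dev.key, dev.crt, host "localhost".
# Requires OpenSSL 1.1.1 or newer for the -addext option.

# Generate an RSA key and a self-signed certificate for one hostname.
make_dev_cert() {
    local dir="$1" host="$2" days="${3:-30}"
    mkdir -p "$dir" || return 1
    # umask 077 so the private key is created readable by its owner only.
    # -nodes leaves the key unencrypted, which is acceptable for local testing only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
          -days "$days" \
          -subj "/CN=$host" \
          -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/dev.key" -out "$dir/dev.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/dev.crt"
}

# Succeeds when subject and issuer are identical, meaning no certificate
# authority vouches for this certificate. Usable as a pre-deploy gate.
is_self_signed() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Succeeds when the certificate lists the hostname in subjectAltName, which is
# what browsers match against. Substring match, adequate for a quick local check.
cert_covers_host() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# Succeeds when the private key belongs to the certificate, by comparing
# digests of the public key extracted from each.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Usage: make_dev_cert ./dev-tls localhost && is_self_signed ./dev-tls/dev.crt
```

A browser will still warn about this certificate, because nothing in its trust store vouches for it; a deployment script can call `is_self_signed` and refuse to continue when it succeeds.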
