I need to do a CURL request from Server A to Server B.
Some sensitive information will be parsed from Server A, which I need to secure.
The problem is, Server A will be MANY different servers:
This will be implemented in a project similar to WordPress, where users download the software and install it on their domain(s) (whichever server holds the user's domain will be Server A). So I'm hoping I don't need to have SSL on Server A, because that would mean I have to force my users to purchase an SSL certificate.
So, would I need SSL on both sides when sending sensitive information in a CURL request, or could I just get away with having it on Server B, with it still being secure?
Welcome to any alternative suggestions too. :)
As far as the connection from Server A to Server B is concerned, Server A isn't a server, it's a client. You will need cURL to have been compiled against SSL/TLS libraries to support HTTPS connections, but cURL (or whatever uses libcurl) will behave as a client.
I suspect most installations of cURL nowadays come compiled against OpenSSL or LibNSS. Presumably, you might be referring to cURL via PHP, in which case you should be able to check that in phpinfo. (Just trying to make a connection to an https URL might also give you an indication: if you get an error along the lines of "this wasn't compiled with SSL support", you may have to upgrade your PHP/cURL installation.)
What you may need to do on the client side is configure the CA certificates you're willing to trust (like for any HTTPS connection). cURL has options to set up a CA file/CA path.
In addition, while there is no strict requirement for enabling HTTPS on Server A (the client), you might want to consider it, depending on whether you display any of the sensitive information obtained from Server B on a page served by Server A. Whether this is required really depends on what you do with this information. (Note that, in this case, enabling SSL on Server A would almost be completely separate from configuring the client.)
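As an added example (not part of the original answer), one way to do the checks described above in PHP: confirm that libcurl was built with SSL/TLS, then POST to Server B with certificate verification on and an optional CA file. The URL, field name and CA bundle path are placeholders.

```php
<?php
// Added example. URL, field names and CA bundle path are placeholders.
/** True if this PHP's libcurl was compiled with SSL/TLS support. */
function curl_has_tls(): bool
{
    if (!function_exists('curl_version')) {
        return false; // cURL extension not loaded at all
    }
    $v = curl_version();
    return ($v['features'] & CURL_VERSION_SSL) !== 0
        && in_array('https', $v['protocols'], true);
}

/** POST $fields to Server B over verified HTTPS; throws on any failure. */
function send_to_server_b(string $url, array $fields, ?string $caFile = null): string
{
    if (!curl_has_tls()) {
        throw new RuntimeException('cURL was not compiled with SSL support');
    }
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('Refusing to send over non-HTTPS URL');
    }
    $opts = [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,  // validate Server B's certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,     // and that it matches the host name
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never fall back to http
        CURLOPT_TIMEOUT        => 15,
    ];
    if ($caFile !== null) {
        $opts[CURLOPT_CAINFO] = $caFile; // CA bundle this client trusts
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('HTTPS request failed: ' . curl_error($ch));
    }
    return $body;
}

// Offline checks: report TLS support, then show a plain-http URL is rejected.
echo 'TLS support: ', curl_has_tls() ? 'yes' : 'no', PHP_EOL;
try {
    send_to_server_b('http://server-b.example/api', ['token' => 'constructed']);
} catch (Exception $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```

Nothing here requires a certificate on Server A; only Server B presents one, and the client's job is to verify it.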
It's necessary to have SSL on Server A, because that is where you are sending the "Confidential" data to Server B from. No point in having SSL at Server B.
If you really can't afford SSL on all servers, go for some Encryption-Decryption algorithms.
Server A -> Encrypt Data -> Send to Server B -> Receive encrypted data at Server B -> Server B decrypts Data
SSL isn't "on" a server; it's a way of securely connecting between servers. You will need to have an SSL certificate on one of them (in this case, Server B will have the certificate). Then, Server A will just use an SSL client / SSL connection to Server B to pass the information. Depending on the setup, the SSL connection can be easily done with built-in tools (like CURL, or PHP, or just about everything else will allow some way of opening an SSL connection).