I have set up apache and ssl etc to run a kind of extranet for my company. Everything works well so far.
However, I am using .htaccess files with mod_auth_MySQL to provide the security. This uses unencrypted passwords which is unacceptable in this situation. Therefore I have now setup SSL. I can access the site through https:// no worries. Am I correct in assuming that all transmissions between my browser and server will now be encrypted?
And secondly, can I stop apache listening to http: requests and only listen to https:? Or point the http: requests to a different virtual host?