Secure Apache/PHP Login Page?

Mavens,

Is there a valid--concise(!)--summary of the steps one needs to take to secure a login page using Apache & PHP?

E.g., Assume that one already has an installed SSL certificate (an interesting process in itself)...but then what? I've been reading on the programming s开发者_运维知识库teps for days...and know less about the process than when I started. Is the critical portion of the solution a Rewrite Rule in Apache? If so, then what is mod_ssl in PHP for? If it's mod_ssl, then what's the relationship with Apache's Rewrite rules? Do you use both technologies? One, or the other, but not both? Or...what?

Thank you in advance from a (now very) confused Newbie on this topic.

Best regards,

Plane Wrtyer

---

You can use this how to to set up an apache directory that requires HTTPS. If you put your log in script there and do

<form action="https://example.com/SSL/login.php" ...

You can create the session and then redirect back whereever you like.