Add SSL to your website – HTTPS made easy

To let your visitors and users access your services safely, you should add an SSL certificate to your server so that they can browse your websites over HTTPS.

What is TLS/SSL?

“Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet.

They use X.509 certificates and hence asymmetric cryptography to assure the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication.” (Wikipedia)

So basically it ensures the data transiting from the user to the server is encrypted.

You can either use your own certificate or buy one from a third party such as StartSSL.

If you use your own certificate, web browsers will not recognize your site as safe and will display a warning message before letting visitors access it. If you want to avoid scaring your visitors, you will need to buy a certificate from a trusted vendor (meaning one accepted as safe by 99.x% of web browsers).

But as I trust myself, I do not need to buy a certificate; I will just generate one myself to further secure my server.

Installation

You can generate your own self-signed certificate by running the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/myblog.key -out /etc/ssl/certs/myblog.pem

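This creates a 2048-bit RSA private key and a matching self-signed certificate valid for 365 days. Because of -nodes, the private key is stored without a passphrase, so keep the key file readable only by root.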

You will need to enter some info such as:

Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freedif    
Organizational Unit Name (eg, section) []:Freedif
Common Name (e.g. server FQDN or YOUR name) []:freedif.org  #### Your domain name !
Email Address []:karibu@freedif.org

Once done, adjust your VirtualHost configuration to add an SSL section.

sudo nano /etc/apache2/sites-enabled/myblog

At the end of the file, after the closing </VirtualHost> tag of your HTTP section, add a new section dedicated to HTTPS (port 443).

To save time, I suggest reusing the same configuration as your HTTP VirtualHost, like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        SSLEngine on
        # Where you saved your certificate
        SSLCertificateFile /etc/ssl/certs/myblog.pem
        # Where you saved your key
        SSLCertificateKeyFile /etc/ssl/private/myblog.key

        ###### ADD YOUR ORIGINAL VHOST SETTINGS ####

</VirtualHost>
</IfModule>

Finally, enable the SSL module:

sudo a2enmod ssl

and restart Apache:

sudo /etc/init.d/apache2 restart

You should now have a working HTTPS connection!
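Before restarting Apache, it is worth confirming that the certificate and key generated above belong together, that the unencrypted key is not accessible to other users, and that the certificate is not close to expiry. The script below is an added example, not part of the original post; the function names, the example.test name and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in SSLCertificateFile
# and SSLCertificateKeyFile. Function names and defaults are illustrative.

# Constructed test data: a throwaway self-signed pair made with the same openssl
# flags as the post, plus -subj to skip the prompts (example.test is a placeholder).
make_demo_pair() {   # usage: make_demo_pair DIR NAME
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null &&
    chmod 600 "$1/$2.key"
}

# Exit status 0 only if all checks pass. The ( ) body is a subshell, so the
# variables stay local and "exit" only leaves the function.
check_tls_pair() (   # usage: check_tls_pair CERT KEY [MIN_DAYS_LEFT]
    cert=$1; key=$2; min_days=${3:-30}; rc=0

    # 1. The certificate must contain the public half of this private key;
    #    Apache will not start with a mismatched pair.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 2. -nodes leaves the key unencrypted, so file permissions are its only
    #    protection: no group or other permission bits may be set.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other"; rc=1
    fi

    # 3. -days 365 means the certificate stops being valid after a year.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key"
    exit "$rc"
)

# Demo on constructed files in a temporary directory, removed on exit.
demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
make_demo_pair "$demo_dir" a && make_demo_pair "$demo_dir" b
check_tls_pair "$demo_dir/a.pem" "$demo_dir/a.key"
check_tls_pair "$demo_dir/a.pem" "$demo_dir/b.key" || echo "mismatch detected, as intended"
```

On the real server, run it as root against the paths from the post: check_tls_pair /etc/ssl/certs/myblog.pem /etc/ssl/private/myblog.key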
