Recently I developed a personal blog website, bought a domain and wanted to go-live, but had no idea on how to make my website secure. It wasn't easy to find the list of steps to achieve this, so I wrote an article so that it will be helpful for others.
Why HTTPS?
If you want to protect communication between the client and the server from eavesdroppers then HTTPS is the way to go because if anyone tries to listen to your communication it will be just random characters to them as HTTPS makes all the calls encrypted. Also browsers nowadays enforce all the sites to be secured and you can notice a padlock icon beside the URL, whereas websites which doesn't have a padlock icon beside the URL are flagged as not secured and a warning is displayed before you can continue to browse.
Procedure
- Prepare a Certificate Signing Request (CSR).
- Get certificate signed and install it.
Now let us discuss each step in detail
1.) Prepare CSR
OpenSSL should already be installed in your system.
Below command will generate CSR as well as a private key
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
- openssl - openssl toolkit
- req - request for certificate
- -new -newkey - generates a new certificate request and a new private key
- rsa:2048 - generates a RSA key 2048 in size
- -nodes - if a private key is created then it will not be encrypted
- -keyout - indicates domain you are generating key for
- -out - specifies the name of your .csr file
When the above command is executed, text based questionnaire will be displayed and you need to fill out the information.
πNote : - You need to enter your domain name of your website here β Common Name (e.g. server FQDN or YOUR name) []: domain_name.com
This is because the certificate authority will generate a public key to the particular domain.
2.) Get certificate signed and install it
There are many CAs (certificate authorities) in the market, most of them are paid and few offer free signed certificates up to 3 months validity. Below are few CAs
I have used SSL to get my signed certificate which is free and has a validity of 3 months.
Below are the steps to get signed certificate from SSL
- Create an account
- Go to https://www.ssl.com/certificates/free/ for free trail of 90 days validity.
-
Checkout the 90 day free trail certificate
open the .csr file that was generated in your local, copy the contents and paste it in CSR field in the website.
-
Domain Validation can be done in many ways
from the dropdown select add cname entry and it will create cname with random characters for domain validation, copy it and create DNS record in you domain account, and come back to ssl.com and click on validate button.
- Now you will be able to download the certificate and install it in your server by following the below guide, which will be available in your SSL dashboard.
After following the guide and installing the certificate in your server go to DNS checker and enter your domain in the input field and check if the DNS propagation has happened.
There you go! You have successfully converted your website to HTTPS.
Hope this was helpful, let me know if you face any issues.
Top comments (2)
acme.sh is easier and automated.
Thank you for sharing, will check it out