What is an SSL certificate?
SSL, which stands for Secure Sockets Layer, has two main roles. The first is to confirm the validity of a web server. In other words, an SSL certificate assures the browser that the web server is genuine. The second is to encrypt the communication between the web server and web clients. Without an SSL certificate, your credentials are at risk of being stolen because they are not encrypted. An SSL certificate makes communication on the Internet safe.
How does SSL secure communication?
1. A web client (browser) attempts to access a web server.
2. The server sends its SSL certificate and public key to the browser.
3. After checking the validity of the certificate, the browser creates a common key.
4. The browser encrypts the common key with the public key and sends it to the server.
5. The server decrypts the encrypted common key and keeps it.
After this process, all communication between the server and the browser is encrypted with the common key.
How can you get an SSL certificate for your website?
Let's Encrypt is an easy way to create an SSL certificate.
1. Install certbot, the Let's Encrypt client software
$ sudo yum install epel-release
$ sudo yum install certbot
2. Create an SSL certificate
$ sudo certbot certonly --standalone -d www.example.com
You can use the --standalone option only when your web server (such as Apache or nginx) is stopped, because certbot starts its own temporary web server to answer the validation request. If you want to run this command while the web server is running, you have to use the --webroot option.
$ sudo certbot certonly --webroot -w /var/www/www.example.com -d www.example.com
You need to give the document root after the -w option.
If you want to cover multiple domains, simply repeat the -d option as follows:
$ sudo certbot certonly --standalone -d www.example.com -d www2.example.com
3. Change your web server configuration
You need to add the following configuration to /etc/nginx/conf.d/default.conf.
server {
    listen 443 ssl;
    server_name www.example.com;
    root /var/www/www.example.com/current/web;
    # ssl_certificate takes the certificate chain, ssl_certificate_key the private key
    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
}
4. Restart your web server
$ sudo systemctl restart nginx
At this point, you can access your website over HTTPS.
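Before the restart in step 4, it is worth confirming that the two files named in the nginx configuration really are a certificate and its matching private key, and that the certificate covers the name passed with -d. The script below is an added example, not part of the original post; the function names check_tls_pair and make_sample_pair are hypothetical, and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the two files the
# nginx config points at. Function names are hypothetical; needs the openssl CLI.

# check_tls_pair CERT KEY HOST
# Returns 0 if CERT is a certificate, KEY is its private key, the certificate
# is valid for at least 7 more days, and it covers HOST.
check_tls_pair() {
    ctp_cert=$1; ctp_key=$2; ctp_host=$3

    # Public key embedded in the first certificate of the chain file.
    ctp_cpub=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null) ||
        { echo "not a certificate: $ctp_cert" >&2; return 2; }

    # Public key derived from the private key file.
    ctp_kpub=$(openssl pkey -in "$ctp_key" -pubout 2>/dev/null) ||
        { echo "not a private key: $ctp_key" >&2; return 3; }

    [ "$ctp_cpub" = "$ctp_kpub" ] ||
        { echo "certificate and key do not belong together" >&2; return 4; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$ctp_cert" -noout -checkend $((7 * 24 * 3600)) >/dev/null ||
        { echo "certificate expires within 7 days" >&2; return 5; }

    # -checkhost prints "does match" or "does NOT match" for the given name.
    openssl x509 -in "$ctp_cert" -noout -checkhost "$ctp_host" |
        grep -q "does match certificate" ||
        { echo "certificate does not cover $ctp_host" >&2; return 6; }
    return 0
}

# make_sample_pair DIR HOST: constructed, self-signed test pair (not a real
# Let's Encrypt certificate), written with the same file names certbot uses.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Usage: sh check.sh CERT KEY HOST
if [ "$#" -eq 3 ]; then
    check_tls_pair "$1" "$2" "$3" && echo "OK: $3"
fi
```

Run it as root against the fullchain.pem and privkey.pem paths from the nginx configuration, since the files under /etc/letsencrypt/live are not readable by ordinary users. Return code 2 or 3 means the two paths were given the wrong way round or point at the wrong file.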