HTTPS and Certification for dummies

Posted by Poxy on Server Fault See other posts from Server Fault or by Poxy
Published on 2012-09-17T23:36:23Z Indexed on 2012/09/18 9:40 UTC
Read the original article Hit count: 330

Filed under:
|
|
|

I had never used https on a site and now want to try it. I did some research, but not sure that I understood everything. Answers and corrections are greatly appreciated.

Here we go:

  1. To use https I need to generate ‘private’ and ‘public’ keys for the web server I use. In my case it’s apache (manual: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html)

  2. Https protocol should be bind to port 443.

    Q: How to do it? Is it done by default? Where can I check configuration?

  3. Aplying https.

    Q: If I see https in browser does it mean that the data traffic on the page IS encrypted? Any form on the page would submit data via https?

  4. Though all the data gonna be encrypted, the browsers would still show ugly red messages. This is just because they do not know anything about my certificate. They have about a hundred certificates pre-installed but mine is not one of them, obviously. But the data IS encrypted by https.

  5. If I want browsers to recognize my certificate, I would need to have it signed by one of the certification authorities (ca) that has its certificate pre-installed (e.g. thawte, geotrust, rapidssl etc).

UPD: To reed about ssl/tsl: The First Few Milliseconds of an HTTPS Connection, I found it very informative. Examples for PHP (openssl.org) of how to make use of ssl/tsl on the server side are published here.

© Server Fault or respective owner

Related posts about ssl

Related posts about https