HTTPS and Certification for dummies
Posted
by
Poxy
on Server Fault
See other posts from Server Fault
or by Poxy
Published on 2012-09-17T23:36:23Z
Indexed on
2012/09/18
9:40 UTC
Read the original article
Hit count: 330
I had never used https on a site and now want to try it. I did some research, but not sure that I understood everything. Answers and corrections are greatly appreciated.
Here we go:
To use https I need to generate ‘private’ and ‘public’ keys for the web server I use. In my case it’s apache (manual: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html)
Https protocol should be bind to port 443.
Q: How to do it? Is it done by default? Where can I check configuration?
Aplying https.
Q: If I see https in browser does it mean that the data traffic on the page IS encrypted? Any form on the page would submit data via https?
Though all the data gonna be encrypted, the browsers would still show ugly red messages. This is just because they do not know anything about my certificate. They have about a hundred certificates pre-installed but mine is not one of them, obviously. But the data IS encrypted by https.
If I want browsers to recognize my certificate, I would need to have it signed by one of the certification authorities (ca) that has its certificate pre-installed (e.g. thawte, geotrust, rapidssl etc).
UPD: To reed about ssl/tsl: The First Few Milliseconds of an HTTPS Connection, I found it very informative. Examples for PHP (openssl.org) of how to make use of ssl/tsl on the server side are published here.
© Server Fault or respective owner