Introduction
You might have heard a lot about the term like HTTP and HTTPS. In the early days, a protocol was defined, which was named as HyperText Transfer Protocol(HTTP). It is a way to communicate from browser to web server. When this communication happens, the data traveling on an HTTP protocol, just travel in the clear text formats. Due to this, it has been realized that the HTTP communication is not secure, and hackers were able to attack and intercept the important and sensitive messages. To solve this issue, the HTTPS protocol came into the picture. It is a secure protocol, and acronym stands for HyperText Transfer Protocol Secure. It simply makes encryption to the data when the communication happens, and data travels from the web browser to the webserver. So that if any hacker picks up that information, it’s all encrypted.
How do HTTPS works?
The HTTPS protocol works on either of the two things, that is SSL(Secure Socket Layer) or TLS(Transport Layer Security). Both tools use PKI(Public Key Infrastructure). PKI, in turns, uses two key, ie. public and private keys. Anything which is encrypted using the public key can be decrypted using the private key and vice versa. When we install an SSL/TLS certificate on our website, the ‘data encryption’ feature gets enabled. SSL is used as a checkpoint to guarantee the security of the data that is being exchanged over the Internet between the user’s browser and the website server.
Getting ZeroSSL certificate
ZeroSSL is a certificate authority (CA) that makes the thing very easy for everyone to install a certificate to make the website secure. You can get up to 3 certificates with 90 days validity in free.
Sign up with ZeroSSL After logging in, the below page will appear. Click on ‘New Certificate.’
Enter the URL you want to secure and click on the ‘Next Step.’
Select 90-day certificate and Next
Let’s proceed with the auto-generate CSR option
Proceed with the “Free” plan
Next, you’ll need to verify the domain ownership. There are a few options.
DNS – if you can add a DNS record entry Email – if you can receive the email to admin@yourdomain.com File Upload – if you can upload a file on the root of the domain
Choose what works for you. I’ll proceed with DNS entry.
I’ve added the CNAME and ready to verify domain.
Finally, once verified, the SSL certificate is ready to download.
Here is my downloaded certificates.
Its time to implement it.
Implementing on Apache
The following, I will install Apache on Ubuntu. Login to server and install using apt-get command. Let’s find out if Apache is running using systemctl command. Great, it is running. My domain (lab.geekflare.com) is already pointing to this Apache server.
But as you can see, it is not secured, and therefore, we will be configuring the certificate which we got from ZeroSSL.
Let’s create a directory called sslCA under /etc to store the certificate files.
Transfer the files to the newly created folder on the server
Enable SSL module
We will have to restart the webserver so that the changes can be recognized.
The next step is to configure the certificate files on the Apache SSL config file.
The name of the file is ssl.conf. We need to add the following in <VirtualHost directive.
Save the file and exit :wq!
After performing the restart, the SSL will get enable on the site. Let’s access the site using https://
And, as you can see, “Connection is Sure”. It means that our SSL certificate has been successfully applied to our webserver.
Implementing on Nginx
Nginx is located in Ubuntu’s default repositories, so it’s possible to install it from here using the appropriate packaging system.
The below command is used for installing the “Nginx”.
After installation gets success, we can start the Nginx using the below command.
Check the status of Nginx.
As expected, the browser will show the warning as a connection to this site is not secure.
Let’s quickly implement the cert to make the site secure using HTTPS.
Let’s create example.com.conf file at /etc/nginx/conf.d location. The file content will look like the below.
Now it’s required to add a certificate filename in nginx.conf file which is located in “/etc/nginx” directory. Add the following in http directive
Restart Nginx to verify the changes
And here we go.
Interested in learning Nginx? Check out this fundamentals course.
Testing SSL/TLS Configuration
The default configuration may be vulnerable, and I strongly suggest testing your site after implementing the certificate. There are a number of online tools you can check out here.
Conclusion
I hope this gives you an idea of getting a certificate from ZeroSSL and implementing it in two most popular web servers.