It would be great to implement HTTPS on this site. This post documented what I have learnt.
HTTPS is a combination of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt communication between your browser with other websites. The most important part of SSL/TLS is the handshake which will establish the encrypted connection. During a SSL/TLS handshake, the browser and the server will perform the following:
- Specific the version of TLS to use
- Decide on cipher suites
- Authenticate both server and client side
- Generate and exchange session keys
SSL/TLS certificate creates the foundation of trust to establish a secure connection. The certificate contains the identity of the certificate/website owner. To obtain a certificate, you must generate a Certificate Signing Request (CSR). This process also creates the private and public key pair.
A Certificate Authority (CA) performs the role of certificate issuer. The CA will use the generated CSR (that contains the public key) to create your SSL/TLS certificate. The private key is always kept secret. Once you receive the certificate, you can install it on your server.
Remember the SSL/TLS certificate created with a particular CSR will only work with the private key that was generated with it. So if you lose the private key, the certificate will no longer work.
You can use software such as OpenSSL to generate a CSR and private key.
openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key