How to enable SSL on a server (ie HTTPS on a web server) ?

Certificate Validity Period Not Before Not After Portecle


This page is about how to configure a certificate and a private key for:

Why ? Because when a application (for instance a browser) connect to a server (for instance a web server), it can authenticate the server via its certificate (cert-based authentication) and the SSL handshake can then take place.

This certificate usage is also known as the SSL/TLS Web Server Authentication or server authentication for short.


To enable ssl (https) on a server, you need:

    • It's a private entity and should not be shared (only the owner should have access)
    • However, it must be readable by the web server process in order to:
    • The private key may be stored in its own file or alternately in the same file as the certificate
    • It's a public entity and can be shared
    • It should be issued (signed) by a trusted CA
    • It is sent to every client that connects to the server in order to verify the server identity
    • The size should be at minimum 2048 1)
    • It must present the DNS name of the server in the Subject Alternative Name extension of the certificate. 2)
    • It must have a validity period of 398 days or fewer 3)
    • It must have the usage

For test purpose or for internal use you can be your own CA and self signed your certificate


Once you got the signed certificate and the private key, you can configure your server:

For HTTP server:

For a Net Server, you need to enable SNI if you want to show more than one certificate.

How to see the server certificate in the browser ?

You can see the certificate of the web site in the browser

Web Site Certificate

What happens when the certificate is bad ?

Example (when the certificate is open with portecle)

Domain Validate Certificate

If you access this website with the above certificate, you got a warning (Example below in firefox)

Connection Is Not Private Firefox Bad Cn

Discover More
Web Site Certificate
Browser - Certificate

in the browser You can see the certificate of the web site in the browser Every browser has a truststore Example: Chrome > Settings > Manage Certificate
Certificate Validity Period Not Before Not After Portecle
CA Certificate

A CA certificate is a certificate used by a certificate authority to sign certificate. In the chain, it's the Root certificate or the intermediate certificates. Most organizations create an intermediate...
Protecle Certificate Extensions
Certificates - Extensions (X509v3 extensions)

extensions are key values that are part of a certificate. They are also known as the X509v3 extensions because they are defined in the x509 certificate format. The most known and extension are: ...
Certificate Validity Period Not Before Not After Portecle
Cryptography Certificate - How to self-signed a Certificate (for a test or internal server)

When a certificate is used to sign itself, it is called a self signed certificate. All root CA certificates of the certificate chain are self signed. This article shows you how to create a self-signed...
Domain Validate Certificate
Domain Validated Certificates (DV)

Domain Validated certificates are server signed certificates where the ownership of the domain was checked. There is no identifying organizational information for these certificates and thus should never...
Hsts Chrome Message
HTTP - Strict Transport Security (HSTS) - mandatory HTTPS

Strict Transport Security (HSTS) is a header that tells the client that the website should always be contacted with HTTPS When HSTS is on, if it's not possible to make a https connection (for instance...
Valid Https
HTTP - HTTPS scheme (HTTP-over-TLS)

The https scheme represents HTTP-over-TLS HTTP is a application protocol (OSI level 7) that is build on TCP as transport layer (OSI level 3) HTTPS is essentially HTTP after the connection has been secured...
Certificate Validity Period Not Before Not After Portecle
How a certificate is signed ? (known also as issuing or producing)

This article talks how a certificate: is send by a sender (known also as the owner) and gets its signature from a trusted ca to validate the identity of the sender. By signing a certificate, the...
Download Jdbc Cassandra
How to connect to Cassandra Cloud AstraDb with JDBC ?

This article shows you how you can connect to an AstraDb database with Jdbc. Download the JDBC driver at datastax Create a new driver with...
Ssl Test Server Www
How to debug / test a TLS / SSL connection ?

This article shows you how to see a SSL connection (handhsake) to debug any problem with configuration for: a server authentication or client authentication Check your firewall. Your port should...

Share this page:
Follow us:
Task Runner