How to enable SSL on a server (ie HTTPS on a web server) ?

About

This page is about how to configure a certificate and a private key for:

Why ? Because when a application (for instance a browser) connect to a server (for instance a web server), it can authenticate the server via its certificate (cert-based authentication) and the SSL handshake can then take place.

This certificate usage is also known as the SSL/TLS Web Server Authentication or server authentication for short.

Component

To enable ssl (https) on a server, you need:

    • It's a private entity and should not be shared (only the owner should have access)
    • However, it must be readable by the web server process in order to:
    • The private key may be stored in its own file or alternately in the same file as the certificate
    • It's a public entity and can be shared
    • It should be issued (signed) by a trusted CA
    • It is sent to every client that connects to the server in order to verify the server identity
    • The size should be at minimum 2048 1)
    • It must present the DNS name of the server in the Subject Alternative Name extension of the certificate. 2)
    • It must have a validity period of 398 days or fewer 3)
    • It must have the usage

For test purpose or for internal use you can be your own CA and self signed your certificate

Configuration

Once you got the signed certificate and the private key, you can configure your server:

How to see the server certificate in the browser ?

You can see the certificate of the web site in the browser

What happens when the certificate is bad ?

Example (when the certificate is open with portecle)

If you access this website with the above certificate, you got a warning (Example below in firefox)


Powered by ComboStrap