Security: Webserver HTTPS with Self Signed Certificate Do it yourself in 5 Minutes!!

Today the Point of Security and encrypted Webserver Communication is rolling over every User who hosts own Websites on the Internet. Last decades HTTPS was only used by Online Login Pages like Shops and Banks to verify the Communication between a User PC and the Website. But after January 2015 the most Search Engines like google decides to force index of Websites with HTTPS Protocol. The Background is that a TLS encrypted Connection isn’t easy to track and to force “drive-by-load-Viruses” to the Website Visitors.

Self Signed Certificate Sample
Self Signed Certificate Sample

But a lot of Webmasters of the Opensource Community were angry about this handling. Thats is not real problem if you won’t buy a SSL/TLS Certificate. Every Webmaster can create a self signed Certificate on his Webserver if he is able to login via ssh and to config the Webserver like Apache. Self signed Certificates are warned by the Webbrowsers at the only first view, but if the User wants to install the Certificate the Browser isn’t warning next visits!

The Search Engines like Google don’t check the trust of the Certificates by the robots and so your Site will be good placed on the Index like the last decades. The ONLY thing is that you MUST move all Files,Images, Internal Links and Bookmarks to “https://”  that the “LOCK” of the Browser Dialog is “CLOSED”  and “GREEN” like on the Picture .

Of course if you want, you can buy and install “Domain Name Trusted” Certificates, but if you only host private Websites/Blogs you won’t really pay over 100$ per Year for the Certificates.

Advantages:

  • Secure Login to your Site/Blog
  • Encrypted Transfer of Data
  • Security for your Visitors
  • No Drive-BY-Loads
  • Less Content Stealing

You will remark next years that the internet will be moved to HTTPS!

To create a Certificate use “OPENSSL” with this command,answere the Questions of the Script, later put the Certificates .crt and .key to /etc/ssl/.. and tell Apache to pull them there!

$sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt