HTTPS for Dummies

Hi,

I’m putting together a website and I want to use HTTPS with Let’s Encrypt. I’m happy configuring Linux and Apache and lots of other fancy CLI stuff, but I have zero knowledge of this particular topic.

Looking through the documentation here I need to do some background reading before I start, so I have half a chance of doing it properly. Does anyone have any recommendations for explainers etc?

(If there are any such documents, could I suggest they’re added to the FAQ? It would help a lot of people, I reckon.)

Steve.


Are you looking for the information on how HTTPS works or just the information on how to obtain Let’s Encrypt certificates? I think for both topics you can find some useful guides on YouTube (for example, these cover getting LE certificates using the ZeroSSL certificate wizard: https://www.youtube.com/watch?v=zUOohw61yhk, https://www.youtube.com/watch?v=ScCO9uZIVv0). If you search for something like “Let’s Encrypt Tutorial”, I’m sure you will get a list of useful videos too.

That should give you a good reading :slight_smile:

@leader At the minute I’m looking for basic information - I know I need a certificate, but what is it, where does it come from, and how does the web server use it? I realise that the specific configuration information will differ between servers and OSes, but the basic concept must be universal. I want that information to give me some context when I’m figuring out how to use Let’s Encrypt.

@Osiris I’ll read through those. I suspect they’ll go a lot deeper into the guts of the subject than I need, but maybe I can pick up the high-level stuff I’m after.

  1. A certificate is a piece of data from a trusted source (a Certificate Authority, or CA) stating that the owner of a certain private key is who they say they are. The "who they say they are" can be the owner of a certain hostname, as Let's Encrypt verifies, or it can be a real-world organization, as an EV certificate verifies (at considerable extra cost). It includes the public key corresponding to the "certain private key", data specifying who it belongs to and who issued it, and the CA's cryptographic signature.
  2. See above--a certificate comes from a CA, of which Let's Encrypt is one among many.
  3. The certificate, and its associated private key, are used by the web server in two ways:
     • To prove to visitors that the site is who it claims to be
     • To encrypt data using public-key encryption
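
The pieces described in the answer above (a CA, the site's key pair, and a certificate carrying the public key, the subject, the issuer and the CA's signature) can be reproduced locally with the `openssl` command line. This is an added example, not part of the original post; `demo-ca`, `other-ca` and `www.example.test` are made-up names, and with Let's Encrypt the signing step is done by the CA after it has verified control of the hostname.

```shell
#!/bin/sh
# Constructed demo: demo-ca, other-ca and www.example.test are made-up names.

# new_ca DIR NAME: a CA is a key pair plus a self-signed certificate.
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# new_site DIR HOST CA: the site creates its own private key and a signing
# request (CSR); the CA signs the request, which produces the certificate.
new_site() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/site.csr" -days 1 -CAcreateserial \
        -CA "$1/$3.crt" -CAkey "$1/$3.key" -out "$1/site.crt" 2>/dev/null
}

# cert_field FILE subject|issuer: who the certificate belongs to / who issued it.
cert_field() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed 's/^[a-z]*= *//'
}

# key_matches KEY CERT: the public key embedded in the certificate must be
# the one derived from the server's private key.
key_matches() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# signed_by CA_CERT CERT: does the CA's signature on CERT check out?
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    new_ca "$d" demo-ca && new_ca "$d" other-ca &&
        new_site "$d" www.example.test demo-ca || return 1
    echo "subject: $(cert_field "$d/site.crt" subject)"
    echo "issuer:  $(cert_field "$d/site.crt" issuer)"
    key_matches "$d/site.key" "$d/site.crt" && echo "private key matches certificate"
    signed_by "$d/demo-ca.crt" "$d/site.crt" && echo "signature verifies against demo-ca"
    signed_by "$d/other-ca.crt" "$d/site.crt" || echo "rejected by other-ca (not the issuer)"
    rm -rf "$d"
}
demo
```

A browser performs the same two checks against the CAs in its trust store, which is why a certificate signed by an unknown CA produces a warning.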
