Many aspects of our lives rely on the Internet and computers, including communications (email, cell phones, texting), transportation (traffic control signals, car engine systems, airplane navigation), government (birth/death records, social security, licensing, tax records), finance (bank accounts, loans, electronic paychecks), medicine (equipment, medical records), and education (virtual classrooms, online report cards, research).
Consider how much of your personal information is stored either on your own computer or on someone else’s system. How is that data and the systems on which that data resides (or is transmitted) kept secure?
There are many types of attack vectors a malicious user might use to exploit a web application/server and when dealing with a large web site, it is often impossible to secure all possible vulnerabilities prior to publishing it on the Internet. The primary key for security is to implement secure certificate (SSL) in website.
Also Read: Testing all SSL Vulnerabilities with Testssl python script
When visiting websites that have an HTTPS at the beginning, rather than HTTP, the S denotes secure. That means traffic between your browser and the web server is encrypted. This is usually done with either SSL (Secure Sockets Layer) or TLS (Transport Layer Security). SSL, the older of the two technologies, was developed by Netscape. SSL and TLS are both asymmetric systems.
How to get FREE SSL ?
With sslforfree.com, you can now get a Free SSL Certificate for 3 months without paying any single penny.
To set up an SSL session both sides exchange random numbers. The server sends its public key with a digital certificate signed by a recognized CA attesting to the authenticity of the sender’s identity and binding the sender to the public key. The server also sends a session ID.
The browser client creates a pre_master_secret key. The client browser encrypts the pre_master_secret key using the server’s public key and transmits the encrypted pre_master_secret key to the server. Then both sides generate a session key using the pre_master_secret and random numbers.
Step 1 – Visit sslforfree.com and enter your domain where you want to configure SSL.
Step 2 – After that it will asks you to verify the domain by 3 following ways:
- a) Automatic FTP Verification – With this option, you need to enter your FTP information which is obviously not safe at all.
- b) Manual Verification – With this option, you need to upload two files under some folder named as .well-known.
- c) Manual Verification (DNS) – With this option, you need update your DNS Record (TXT).
Step 3 – Out of all options, we’ll go with 2nd option i.e. Manual Verification by uploading files to the server.
As soon as you click on 2nd option, it will further show some information where you can download the files which you need to upload into File manager.
Step 4 – By clicking on button “Manually Verify Domain” you’ll get a complete procedure for downloading and uploading.
Please download the following files as shown on below screenshot.
Step 5 – And create a folder named as “.well-known” in your home directory under public_html as shown below.
Step 6 – In .well-known directory, create another sub-directory named as “acme-challenge” and this is the only directory where you have to upload all files.
Step 7 – Now you need to upload both files which you’ve downloaded from step 4 as shown below:
Step 8 – After clicking on “Download SSL Certificate” button, you’ll see your certificate information in 3 parts:
- a) Certificate
- b) Private Key
- c) CA Bundle
Step 9 – Now furthermore, you need to go to your Control Panel and click on SSL and here you need to install your certificate by entering above information into it.
Step 10 – And you’ll see a success message on your screen after the complete installation of certificate as shown below.
As soon you’ve properly installed SSL, you’ll see a green lock with https enabled protocol in the starting of your domain.
Actually, if you properly set up your website to use an SSL, then it should automatically generate the URLs so they use HTTPS. Forcing visitors to use SSL can be accomplished through your .htaccess file using mod_rewrite.
The below code when added to an .htaccess file will automatically redirect any traffic destined for http: to https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
With whynopadlock.com you can even test your website for SSL.
Normally, to activate SSL on a Web server, a digital certificate must be installed. A digital certificate is generally obtained from a known CA and installed on the Web server. When visiting a Web site that employs encryption, it is possible to view information on the server’s digital certificate.
To view this information with Internet Explorer, simply click on File and then Properties. When you click on the Properties option the properties window pops up and then you can see the certificate information.
To view the same information with Firefox, simply click on green lock icon and click on More information, a new windows will open where you need to further click on “View Certificate” button.
You may also like:- Mastering Windows Management with WMIC Commands – Top 20 Examples
- Edit and Compile Code with the Best 5 Code Editors
- 50+ Top DevSecOps Tools You Need To Know
- Learn How to Add Proxy and Multiple Accounts in MoreLogin
- Some Useful PowerShell Cmdlets
- Create Free SSL Certificate – ZEROSSL.COM [2020 Tutorial]
- Generate Self-Signed SSL Certificate with OPENSSL in Kali Linux
- RDP – CredSSP Encryption Oracle Remediation Solution 2020
- Scan Open Ports using Ss, Netstat, Lsof and Nmap
- Top 10 Dangerous Viruses of all times
