Information Security is one of the major concerns when it comes to public information websites like blogs. Having an SSL certificate ensures the safety of the site as well as the safety of the user who is accessing the site. Recently Google Chrome announced the decision of marking the sites without SSL certificate as insecure. This blog post caught my attention. I finally made the decision to move to add an SSL certificate to my blog.
Most of the hosting providers provide straight forward ways to purchase and add SSL certificates to their hosted websites. But moving my blog has a problem. My blog was hosted in Gandi.net and has the domain name purchased from GoDaddy. So I did not get an option to directly add the SSL certificate to my blog. I did some steps after reading a lot from the internet regarding this process. Finally, I have managed to add the SSL certificate. I have decided to write this article sharing my journey of adding a SSL certificate to my blog with the hosting and the domain names with different hosting providers.
Google started marking all the sites without SSL certificate as invalid. This does not mean that the site does have some security problems. It means that the site is more prone to security attacks than the sites with a SSL certificate. This is one of the biggest steps taken by Google Chrome team. This will prompt various site owners to move their sites to https. This wil increase the security level of the overall websites. Enough of the introduction. Now lets come to the topic. I will be explaining the process that helped me to move my site to https in points. Each point indicates a step and then accompanied by any of the associated diagrams. I will try to explain the process in terms of simple steps.
1) The SSL certificate is bought from GoDaddy. All you need is an account with GoDadday, which can be created for free. Most of the payment methods are accepted.
2) Once the certificate is purchased, it can be viewed under the My Certificates section. Now for adding this certificate to my blog, I needed the certificate signing request from my other hosting provider (Gandi.net)
3) For creating a CSR, I needed to generate a key pair. For this I needed terminal access to Gandi console. Gandi has a great tool called the emergency console. This will enable the user to get terminal access without going through large key pair setup procedures.
4) Once I logged in using the emergency console, I ran the openssl command. While running the command, the prompt asked me a series of questions. Among the questions one thing to note is the site specific or the domain name asked. Make sure that this name is equal to the current website name. I gave it as thehiddendeveloper.com. When all the other details are given the certificate is generated. The certificate is saved with the file name that we have given during the openssl command.
5) I opened up the content of my certkeyfile.csr (public key file) to view the certificate signing request.Moving back to Godadday under the certificates section I clicked on the purchased certificate from the listing. It asked me to paste the Certificate signing request. I pasted the content in the required checkbox. Now the certificate got updated with the site name that I have provided during the certificate creation process. Now my certificate got signed successfully. Now I have to assign this certificate to my website.
6) I viewed all my products under my products section. There I expanded the SSL certificates section. Under the manage certificate, I got an option to download the certificate. I got a zip file when I downloaded the certificate.
7) I went back to Gandi and opened by domain. There I got an option to add SSL certificate to my blog. There I uploaded the zip file that I have downloaded from Godaddy. Then it asked for the details like the certificate and the secret key. I pasted both contents. No my purchased SSL certificate got added to my site in no time.
8) After a few seconds, I saw my blog to be https enabled, and the insecure website option has disappeared.
Users who are website owners should consider moving their website to a much more safer https connection. This will protect their website from most of the common attacks and also it does protect the user who is accessing the website from third party attacks. I have shared mine. Do share yours in the comment section below.