SSL nightmare - the SSL piece of the puzzle….ssl and https are the same
Beginning July of 2018 Google’s Chrome browser marks all non https sites as not secure. This was big news back then. It was like a red flag for visitors to websites and became a credibility issue overnight. This was not the only thing Google did to us developers. There were numerous other browser fixes over the past 2 years that haunt us till this day.
Bottom line, SSL is a NECESSARY pain in the butt but not to worry, once u get the hang of it we can obtain ssl certs quickly and apply them to our websites. In fact we apply to website right in apache24 httpd \extra\ssl file. Install ur certs so user accesses our web pages using https and not http protocol (http is now blocked by Chrome and displays a not secure message to the user which undoubtedly scares them away quickly)
First what is ssl? Then what is TLS? Both are the same but TLS is more current
Secure sockets layer and transport layer security (a more secure and current ssl) both enable https to appear in the url
For purposes of this blog post we will only write about the immediate ssl issue and not all the other things google wreaked havoc on. This rant will be in another post.
We need to get an SSL cert and install it on our apache server. Much is written on this topic and can become very confusing for the beginner developer.
Read this and save a lot of time
The problem for windows users is that most ssl tools are designed for Linux, like openssl and certbot. The beginner does not know this and thus it becomes research he'll to get the right solution
Use either zerossl or WACS for windows….folder in mydocs
Zerossl.com is quick for starters but there is a limit. If u have only 1 or 2 pages to certify then stay with this option. U get a free 90 day cert that u can append to apache server
Talk about experience with cloudflare
Also original experience on aws that made me go to cloudflare
Wix and wordpress have auto ssl but they have cookies
Linux has complicated ssl process..submission process was awkward
In search of free ssl
I thought aws was my answer after dumping wix and wordpress but I was disappointed. I was suddenly on my own with ssl. AWS introduced Cloudfront but it is expensive and complicated. Then I found cloudflare which gave me free ssl only for one site.
I had to dump aws too. S3, ssl and data connection all seemed to be cumbersome over at aws so now I use aws only for one thing and that is route 53. Finally I dumped Cloudflare because it uses a cookie that I did not want at my site. (just my personal preference because I was developing a cookie free tracking app at the time)
My original architecture included Wix and Wordpress before apache24 (tomcat was at local host on http only at that time)
Then S3 on aws with cloudflare and PHP in apache24..was using both aws and apache
When I found zerossl and then placed certs inside apache my nightmare was over. I was now fully in control of ssl at my site.
More to come on this piece...at the moment I am generalizing the issue of SSL and this article will be rewritten and eventually I will do a tutorial