SSL – What you need to know

Well, this past week I've been struggling heavily with the launch of this site built on WordPress, particularly with its SSL certificate (might I add that it was a purchased certificate). After days of coordinating with the server admin and various configuration changes, I decided to bring the site over to my server to isolate several variables, mainly since I didn't have full control over the launch to production.

Anyway, after all that, I figured what I picked up along the way may be of aid to anyone else who has suffered with err_name_cert and redirects to other sites based on the SSL certificate.

What is SSL?

SSL stands for Secure Sockets Layer and, in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. 

https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https

In short, though it doesn't attack hackers like the puppy from the picture seems to be doing, it adds security to ensure that the data going from one place to another isn't so easily read. That makes the information submitted through your forms that much harder to obtain and decipher.

How does it work?

A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.

The web server sends the browser/server a copy of its SSL certificate.

The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.

The web server sends back a digitally signed acknowledgement to start an SSL encrypted session.

Encrypted data is shared between the browser/server and the web server.

https://www.entrustdatacard.com/pages/ssl

When debugging errors that deal with SSL certificates, it's important to keep this flow in mind. The error can come from anything from a bad DNS setup to the browser caching an old certificate and not updating it.

In my case I decided to take control of the whole flow in order to reduce the number of variables, since I did not have control over how the DNS was configured or how the server had been set up from the start.
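To see which step of that flow is failing, it helps to look at the certificate the server actually sends and compare it with the name you typed. The following is an added example, not code from the original setup: the names `fetch_cert`, `name_matches` and `diagnose` are hypothetical, and the sample certificate is constructed with the placeholder domain.com.

```python
import socket
import ssl
import time

# Constructed sample in the dict format ssl.SSLSocket.getpeercert() returns:
# a certificate issued for the bare domain only (placeholder names).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "domain.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")

def fetch_cert(host, port=443, timeout=5):
    """Live use: do the handshake and return the certificate the server sent.
    The chain is still verified; the name check is left to diagnose() so a
    certificate served for the wrong site is reported, not just rejected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, hostname):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def diagnose(cert, hostname, now=None):
    """Return a list of problems; an empty list means name and dates are fine."""
    now = time.time() if now is None else now
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    problems = []
    if not any(name_matches(n, hostname) for n in names):
        problems.append(f"name mismatch: {hostname} not covered by {names}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

if __name__ == "__main__":
    # The bare name and the www name are checked separately.
    for host in ("domain.com", "www.domain.com"):
        print(host, diagnose(SAMPLE_CERT, host, SAMPLE_NOW) or "ok")
```

Against a real server, `diagnose(fetch_cert("domain.com"), "domain.com")` runs the same checks on the certificate that was actually served; a chain the client does not trust makes `fetch_cert` raise `ssl.SSLCertVerificationError` instead.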

Why is it useful?

Though a lot can be said about the usefulness of end-to-end encryption, there are two reasons why most website owners care about making sure their sites have an active SSL certificate.

  1. Google ranks sites that use HTTPS higher.
  2. It builds trust with customers.

How to configure SSL certs with Apache?

Now, finally, to the tedious though useful config material.

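<VirtualHost _default_:443>
    ServerName domain.com
    ServerAlias www.domain.com
    ServerAdmin {email}
    DocumentRoot {location of the application}
    ErrorLog /var/log/apache2/domain_error.log
    CustomLog /var/log/apache2/domain_access.log combined

    # Requires mod_ssl. The certificate must cover both ServerName and ServerAlias.
    SSLEngine on
    SSLCertificateFile {location path to}certificate.crt
    SSLCertificateKeyFile {location path to}private.key
    # Deprecated since Apache 2.4.8, where the chain can instead be appended
    # to the file given in SSLCertificateFile.
    SSLCertificateChainFile {location path to}ca_bundle.crt

    <Directory {location of the application}>
        # Indexes turns on directory listings; remove it if you do not need them.
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        # Apache 2.2 access syntax; on 2.4 the equivalent is "Require all granted".
        Order allow,deny
        allow from all
    </Directory>
    LogLevel warn
</VirtualHost>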

Please do not include the {}; they only mark the places where you need to change values.

How to make sure using WordPress?

WordPress has various places where configuration needs checking; however, I can recommend these two plugins to make your deployment a breeze.

Really Simple SSL

SSL Insecure Content Fixer