I want to share a few things about SSL/HTTPS and signed vs. self-signed certificates. This is the right time to publish my thoughts. Let's see why HTTPS instead of HTTP:
There are two primary differences between how an HTTPS and an HTTP connection work:
- HTTPS encrypts the data sent and received with SSL, while HTTP sends it all as plain text
- HTTPS connects on port 443, while HTTP is on port 80. That is, 443 is the default port for HTTPS, so make sure port 443 is free on your server.
As I said above, HTTP sends the data collected over the Internet in plain text. This means that if you have a form asking for a credit card number, that credit card number can be intercepted by anyone with a packet sniffer. Since there are many free sniffer software tools, this could be anyone at all. By collecting credit card information over an HTTP (not HTTPS) connection, you are broadcasting that credit card information to the world. And the only way your customer will learn it was stolen is when it's maxed out by a thief.
There are two kinds of certificates:
- Signed (provided by a certificate authority like Verisign, Thawte etc.; of course you need to spend some amount of money)
- Self-signed (created using SSL tools like openssl)
Both kinds of certificates will give you a site that cannot be read by third parties. The data sent over an HTTPS (SSL) connection will be encrypted regardless of whether the certificate is CA-signed or self-signed, so the next question in our mind might be:
Why pay a certificate authority (CA) for a signed certificate? The answer is:
A certificate authority tells your customers that this server's information has been verified by a trusted source. The most commonly used certificate authority is Verisign. Depending upon which CA is used, the domain is verified and a certificate is issued. Verisign and other more trusted CAs will verify the existence of the business in question and the ownership of the domain, to give a bit more assurance that the site in question is legitimate.
The problem with using a self-signed certificate is that nearly every Web browser checks that the certificate presented on an HTTPS connection is signed by a recognized CA. If the certificate is self-signed, the browser flags the connection as potentially risky and pops up error messages encouraging your customers not to trust the site.
When a self-signed SSL certificate is OK
I don't believe that any site that needs an SSL certificate for customer-facing pages should use a self-signed certificate. I also don't think it's a good idea to use a self-signed certificate on any Web server that is live on the Internet. That is just asking for hackers to set up a man-in-the-middle or other attack on your server to try and trick people into providing information they shouldn't.
The only time a self-signed certificate should be used is for testing or development behind a firewall, such as our own development environment. If it is production, we should go with a CA-signed certificate.
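To see the trust check described above in action, here is an added example (not from the original post): it uses openssl to build a throwaway private CA, one server certificate that CA signs, and one self-signed certificate for the same host, then verifies each against a trust store the way a browser does against its CA store. The CA name, the host name shop.example.test and the file names are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway private CA (standing in for Verisign/Thawte),
# one server certificate it signs, and one self-signed certificate for the same host.
set -eu

# make_demo_certs DIR: writes ca.pem, server-ca-signed.pem and server-self-signed.pem into DIR
make_demo_certs() {
  dir=$1
  # The "CA": a key plus a self-signed root certificate. Browsers ship roots like
  # this for the public CAs; here we create our own.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  # Server key and certificate signing request (CSR) for the made-up shop host.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  # The CA signs the CSR: this is the "signed" certificate you pay a CA for.
  openssl x509 -req -days 1 -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -out "$dir/server-ca-signed.pem" 2>/dev/null
  # Same host name, but the certificate is signed with its own key: self-signed.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=shop.example.test" \
    -keyout "$dir/self.key" -out "$dir/server-self-signed.pem" 2>/dev/null
}

# verify_cert CERT CAFILE: prints "trusted" when CERT chains to a root in CAFILE,
# "untrusted" otherwise. This is the check a browser performs against its CA store.
verify_cert() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

WORK=$(mktemp -d)
make_demo_certs "$WORK"
# A browser with the CA's root installed accepts the CA-signed certificate.
echo "CA-signed cert, CA root in store:     $(verify_cert "$WORK/server-ca-signed.pem" "$WORK/ca.pem")"  # trusted
# The self-signed certificate chains to nothing the store knows: the warning case.
echo "self-signed cert, same store:         $(verify_cert "$WORK/server-self-signed.pem" "$WORK/ca.pem")"  # untrusted
# The development-environment case: you import your own self-signed cert as a root.
echo "self-signed cert, imported as a root: $(verify_cert "$WORK/server-self-signed.pem" "$WORK/server-self-signed.pem")"  # trusted
rm -rf "$WORK"
```

The third line is the only way a self-signed certificate ever passes: every client has to import it by hand, which is manageable for a dev team behind a firewall and impossible for the public.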
If you want any clarification on this please feel free to contact me.