HTTPS
- HTTPS uses either SSL (Secure Sockets Layer) or TLS (Transport Layer Security)
- TLS is the successor of SSL
- Protocol versions: SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2.
- Internally, TLS 1.0/1.1/1.2 are SSL 3.1/3.2/3.3 respectively
- To check the protocol version a website uses, open Chrome DevTools > Security tab
Setup HTTPS
- You need to purchase an SSL certificate from a Certificate Authority (CA)
- The CA identifies and verifies you and then issues a certificate
- The CA provides the SSL certificate, the intermediate and root certificates, and the CA bundle files
- You need to install this certificate on your server
- The default HTTPS port number is 443 (compared to 80 for HTTP)
Example files from GoDaddy Certificate Authority
Setup in Node.js server
    var https = require('https');
    var fs = require('fs');

    // Private key, server certificate and the CA chain files from the CA
    var https_options = {
        key: fs.readFileSync("/path/to/private.key"),
        cert: fs.readFileSync("/path/to/your_domain_name.crt"),
        ca: [
            fs.readFileSync("/path/to/CA_root.crt"),
            fs.readFileSync("/path/to/ca_bundle_certificate.crt")
        ]
    };

    // Pass the options object defined above to createServer
    https.createServer(https_options, function (req, res) {
        res.writeHead(200);
        res.end("Welcome to Node.js HTTPS Server");
    }).listen(8443);
Setup in NGINX (as reverse proxy)
    server {
        server_name _;
        listen 80 default_server;
        return 404;
    }

    server {
        listen 443 ssl;
        server_name _;
        ssl_certificate /etc/nginx/ssl/nginx.crt; # Path to your_domain_name.crt
        ssl_certificate_key /etc/nginx/ssl/nginx.key; # Path to private.key
        return 404;
    }
HTTPS in practice
- In deployment, it is suggested not to enable HTTPS on your server
- Instead, the deployment infrastructure generally provides a reverse proxy that handles SSL/TLS termination
- For example, NGINX can be used as a reverse proxy to handle HTTPS and route the request to your HTTP server
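
When the proxy terminates TLS, the Node.js server behind it only ever sees plain HTTP, so it has to learn the original scheme from the proxy and must not accept that claim from anyone else. The sketch below is an added example, not code from the original notes. It assumes the proxy runs on the same host, overwrites `X-Forwarded-Proto` with its own scheme (in NGINX: `proxy_set_header X-Forwarded-Proto $scheme;`), and that `TRUSTED_PROXIES`, `PUBLIC_HOST` and `start` are hypothetical names chosen here.

```javascript
// Added example: plain-HTTP backend meant to sit behind a TLS-terminating proxy.
const http = require('http');

// Assumption: the reverse proxy reaches this server over loopback only.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
// Assumption: canonical public host name; redirects never echo the Host header.
const PUBLIC_HOST = 'example.com';

// Returns 'https' only when the direct peer is the trusted proxy AND that
// proxy reported HTTPS. Any other peer could have set the header itself.
function originalScheme(req) {
  if (!TRUSTED_PROXIES.has(req.socket.remoteAddress)) return 'http';
  const proto = String(req.headers['x-forwarded-proto'] || '').trim().toLowerCase();
  return proto === 'https' ? 'https' : 'http';
}

function handler(req, res) {
  if (originalScheme(req) !== 'https') {
    // Client used HTTP at the proxy, or bypassed the proxy: send it to HTTPS.
    res.writeHead(301, { Location: 'https://' + PUBLIC_HOST + req.url });
    return res.end();
  }
  // Only sent on responses that travelled over TLS on the client side.
  res.writeHead(200, { 'Strict-Transport-Security': 'max-age=31536000' });
  res.end('Welcome to Node.js HTTPS Server');
}

// Bind to loopback so the unencrypted port is not reachable from the network.
function start(port) {
  return http.createServer(handler).listen(port, '127.0.0.1');
}
```

Call `start(8080)` and point the proxy's upstream at `http://127.0.0.1:8080`; a request that arrives from any address other than the proxy is treated as HTTP regardless of its headers.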
More topics
- What is X.509?
- What is SSL/TLS termination?