It is a cool thing to have a secured website. Why? Because it helps protect the data that is sent over the net. You can access my blog via HTTPS (if you are not that tech- or abbreviation-savvy, that means: Hyper Text Transfer Protocol Secure) and you can see it in your browser's URL field. A small lock is located there, and when you click on it, a window pops up telling you this (well, it tells you in your browser's language, so this is my browser telling me in German):
So what is HTTPS? I normally do not quote Wikipedia, but this is a nice and short intro into this matter:
[It] is a protocol for secure communication over a computer network, which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data.
So HTTPS makes the internet more secure. Well, at least it makes the communication between your browser and my blog (or any other page using HTTPS) more secure. That’s rather cool, isn’t it!
Now, how to get your own blog to be more secure? I am running my blog on a Plesk server hosted by my former roomie Chris (head over to alpha-labs.net for more how-tos and info about security and tutorials – they are great!). Lately he told me that it isn’t that hard to get an SSL certificate and get it running on the Plesk for the blog. So I dug into it a bit further.
I headed over to startSSL and had a look. Although the page seems a bit overloaded with info and kind of unstructured, it is rather easy to use. Have a look at their overview of certificates. For your own blog a class 1 certificate is sufficient.
Create an account
First you want an account, so you head over to the rightmost button, the one with the picture and the keys, and click on it.
Now, choose the „Sign-up“ button.
Enter your credentials on the next page and hit „Continue »»“. You will be redirected to the PKI page. You will also get a verification code sent to the e-mail address you provided. Paste it into the page and hit „Continue »»“ again.
You will get a certificate that you need for logging into startssl.com. Add it to your browser and store it on your disk in case you need to redo your browser settings. There are tutorials on startSSL on how to add a certificate to your browser, so I will not cover this here.
The next time you want to log into startssl.com, your browser will ask you if you want to login using a provided certificate like this.
When you hit „OK“ you will be popped back to the PKI page.
Validate your domain
The first thing you have to do when you want to get an SSL certificate for a page or a blog is a domain name validation. Head to the validation wizard and choose „Domain Name Validation“ from the dropdown menu.
Enter the domain name you want to use (I will show you the way with another domain I need an SSL certificate for).
Then let the wizard send a verification e-mail to one of the shown e-mail addresses. Make sure you have one of the following e-mail addresses set up: postmaster@, hostmaster@ or webmaster@ beforehand. Or just do it now in parallel so that you can get the e-mail with the verification code.
Hit „Continue »»“ and enter the verification code sent by startSSL.
Then again hit „Continue »»“.
When you reload the whole startSSL page, on the PKI page on the right hand side menu you can see your new domain under the „Domain Validations“ section.
Get certificate for validated domain
Head over to the „Certificates Wizard“. Choose „Web Server SSL / TLS Certificate“ in the dropdown menu. Then click „Continue »»“.
If you created your own private key and certificate request (CSR), you can skip this step. Otherwise, create a password for your key and choose keysize and hash algorithm.
Creating a key takes a few seconds. The next page shows your private key. Save it somewhere safe. HINT: you need the UNENCRYPTED key for the Plesk webpage. You can decrypt it in the startSSL toolbox or with the OpenSSL utility and the provided code.
Click „Continue »»“ then add the validated Domain you want the certificate to be used with.
You need to add a subdomain. If you don’t have a subdomain at hand, don’t search your brainzzz for it. Just type „www“ (yes, this is a valid subdomain for startSSL!) and hit „Continue »»“ once more.
The wizard is now ready to process your certificate.
Click „Continue »»“ and in the next page save your PEM encoded certificate. BEFORE you do anything else:
- Save the PEM encoded certificate
- Save the intermediate certificate (right click the bold printed „intermediate“ at the bottom of the page and save the link source)
- Save the root certificate (right click the bold printed „root“ at the bottom of the page and save the link source)
Now, click „Finish »»“ aaaand you are done here! 🙂
Decrypt your private key for use with Plesk
Go to the startSSL Tool box.
Choose „Decrypt Private Key“. Enter the ssl.key you saved earlier and enter the password you chose and hit „Decrypt »»“.
Save the decrypted key (to avoid confusion I named mine „ssl-decrypted.key“). You can spot the difference in the second line.
Your encrypted key will say:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
Your decrypted key will only say:
-----BEGIN RSA PRIVATE KEY-----
How to add the certificate to Plesk
You need your decrypted ssl.key (I named mine „ssl-decrypted.key“ to avoid confusion) and ssl.crt from startSSL at hand. Also create a new file and copy both the intermediate and root certificates into it. Name this file something like „combined-ca_root_and_intermediate.pem“.
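An added example (not part of the original post, and not StartSSL's or Plesk's own code): shell helpers for the decrypt step and the combined CA file described above, plus two checks worth running before the upload. The file names ssl.key, ssl-decrypted.key, ssl.crt and combined-ca_root_and_intermediate.pem follow this post; intermediate.pem and root.pem are assumed names for the two saved CA files.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post.

# Print "encrypted", "plain" or "not-a-key" for a PEM file, judged by headers.
# Traditional keys flag encryption on the second line (Proc-Type); PKCS#8
# keys use a different BEGIN line instead.
key_state() {
    if ! grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo not-a-key
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' \
                 -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    else
        echo plain
    fi
}

# Decrypt locally so the key never leaves your machine; openssl prompts for
# the passphrase. umask 077 makes the unencrypted output owner-readable only.
decrypt_key() {            # decrypt_key ssl.key ssl-decrypted.key
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# Join intermediate and root into one CA file and print the number of
# certificates in it (expect 2). awk 1 adds a missing final newline, so the
# END and BEGIN markers of two files never run together on one line.
build_ca_bundle() {        # build_ca_bundle intermediate.pem root.pem out.pem
    awk 1 "$1" "$2" > "$3"
    grep -c '^-----BEGIN CERTIFICATE-----' "$3"
}

# Succeeds only if the key and the certificate carry the same public key.
key_matches_cert() {       # key_matches_cert ssl-decrypted.key ssl.crt
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if ssl.crt chains to a certificate in the combined CA file.
chain_ok() {               # chain_ok combined-ca_root_and_intermediate.pem ssl.crt
    openssl verify -CAfile "$1" "$2"
}
```

If key_state still prints "encrypted" for the file you are about to upload, or key_matches_cert fails, fix that first.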
The next screenshots will be in German. The names of the different parts are not 1:1 translations German «-» English (because Plesk did not do that!). But the icons are the same in both languages! So just look for the icons, not for the translation.
Log into your Plesk and choose the webpage you want to add the SSL certificate to.
Now, click on the „Certificates“ icon (yeah, called „Webseites sichern“ in German and something completely different in English).
Click „Add SSL-certificate“. DO NOT search for a certificate to add on this page! I tried to add a certificate here for hours before getting on the right track. 😉
Now, add a name for your certificate. Head to the second section where you can upload the certificates and such. REMEMBER that you need to upload the DEcrypted key, not the ENcrypted one!
Hit the „Send files“ button and everything should be okay, indicated by a green bubble at the top of the page. At the bottom you can see the newly added certificate.
Now, head back to the „Websites & Domains“ page and choose the domain you want to add the SSL certificate to. Click the „Hosting“ („Hosting-Einstellungen“ in German) icon.
Head to the „Security“ section. Check the „SSL“ box and choose the certificate you just added from the dropdown menu.
Hit „OK“ at the bottom of the page and you are done!
When you clear caches and cookies in your browser and now open your website with https:// in front of the URL, you will also have a lock in the browser bar.
Congrats, you secured a tiny place of the net! 🙂
IF This Then That (IFTTT)
Funnily enough my IFTTT recipe worked only after I added SSL to my page. 😉 And I ranted about IFTTT heavily before, as I read forums and tried to get it running but it just didn’t fire off.
But first: IFTTT is a page (also available as an app for smartphones), which helps with rather simple recipes (that’s what they call their tiny work-loads) to get stuff from A to B. Every recipe follows a simple call: IF (a prerequisite is fulfilled) THEN (do something).
So I wanted something like: IF (I publish a wordpress blog entry) THEN (post a short note on Twitter).
I opened up an account on IFTTT. It looks a bit strange in a PC web browser, as the page seems to be optimized for tablets or smartphones, but as I am doing my blog stuff at the PC this doesn’t matter for me. Now, when logged in, I choose the „Channels“ link on the top bar of the page.
An overview of all the pages, channels, programmes you can connect to IFTTT is shown. I chose WordPress and added login credentials and the URL where my blog is located.
I also did this for Twitter (as I want my blog posts to be sent to Twitter). I am already logged into Twitter in this browser, so Twitter asks if IFTTT can do stuff in my name. I say „authorize this app“ and now IFTTT and Twitter are connected.
Now, head to „My recipes“ in the top bar and then click on „Create a recipe“.
It starts with the first step. I want a trigger to be a new blog post on WordPress. So I click „this“:
Then the wizard takes me to the trigger channel. I search for WordPress and click the icon.
It now asks me which trigger I want to use: whether it should fire with any new post or just with posts that are in a certain category. I choose „any new post“.
Then I complete the trigger by clicking „Create Trigger“.
Now, to the thing that will happen when the WordPress trigger fires. I click on „that“:
Then I search for Twitter and click on the icon.
More actions can be chosen from here. But I just want a tweet about the new blog post, soooo:
You can now define the tweet's message with an easy ruleset. Just write some intro and then add maybe the title of the blog post or the URL (which might come in handy ;-)).
If you want to add more tags to the tweet's text, just click on the „ingredients“ icon in the upper right corner.
When you are done, just click „Create“. The final step shows you a quick overview of your recipe.
After you have clicked „Create Recipe“ and moved back to „My recipes“ on the top bar, you can find your newly created recipe there.
The only thing you need to do now is to create a blog post and publish it. If the trigger does not fire, you can have a look in its log (second icon from the right) or rerun it (second icon from the left).
Happy twittering. 🙂