PapaScott I like big blogs and I cannot lie! 🐘

SSL and all that

One cool thing about my new server setup is that his has SSL built in. You can even see an SSL version of PapaScott, but it's pretty meaningless to encrypt a public, static page, and I doubt that my entries will make any more sense encrypted than they do plain. But you can click on the little padlock to see my certificate.

If you follow that link, you'll notice that your browser doesn't trust my certificate. Your browser should be suspicious, since I created the certificate myself, and any Joe Blow can generate a certificate that claims to be from PapaScott. But since I'm using SSL only for myself and not to sell anything, I'm not going to pay money for a real certificate (i.e. of the functions provided by SSL, I need only encryption, not authentication).

SSL can be useful for for a my blog by encrypting connections that require a password, like phpMyAdmin or the mt.cgi in Movable Type. I'm forcing those pages to use SSL so no one can go sniffing my passwords and then pretend to be me. I'm not sure why anyone would want to pretend to be me, but any page worth a password is worth encrypting. It's a shame that most hosters offer SSL only as an expensive add-on.

Generating a certificate with OpenSSL is pretty easy (although tedious), and creating your own CA has been covered by a couple of articles at O'Reilly Network. Or you can just read the book (which despite the title, applies mostly to BSD and OS X as well.

comments powered by Disqus