SSL and HTTPS for webpages 101

You do not need to know cryptography to set up a secure page. But a certificate alone does not encrypt your traffic. You need 3 things for HTTPS to work.

1. Secure protocol

Traditionally it is still referred to as SSL, but technically SSL is outdated and not used anymore. Nowadays it is TLS: mainly TLS v1.2 now, with 1.3 coming (TLSv1 and TLSv1.1 are not used much and are being phased out). Your browser establishes a connection to the server over this protocol. I would suggest making this the first step: enable your server to accept HTTPS connections on port 443 (the default). In Apache, enable SSLEngine and configure the virtual host to listen on port 443.

Traffic is now ready to go over the HTTPS protocol, but there might be weak ciphers enabled and no certificate.

2. Configure cipher settings

At the very least you must disable weak ciphers such as RC4, MD5 etc. Enable only strong ciphersuites. I found this interesting tool on SO: Mozilla SSL Configuration Generator.

Modern browsers will not even allow you to view a webpage if no modern secure ciphers are enabled.

3. Certificate

Without a certificate, data will not pass over the TLS protocol and your configured ciphersuites. You can either use a self-signed cert or request one for free from Let's Encrypt, or even buy one from any SSL certificate provider.

The certificate and a key are stored on your web server in the form of files (a simple scenario). A certificate can be signed by a trusted CA; browsers know about these CAs, so your browser will trust the certificate and will not show any warnings. Using the link in step 2, see where to put your certificates to enable them in your vhost config.
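A small offline check of the three steps above against an Apache vhost file. This is an added example, not code from the original post; the sample vhost, its paths and the function names are constructed for illustration, and a missing SSLProtocol is assumed to mean "all".

```python
import re

# Constructed sample vhost (placeholder path), deliberately weak for the demo.
SAMPLE_WEAK = """<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3
    SSLCipherSuite HIGH:RC4-MD5:!aNULL
    SSLCertificateFile /path/to/cert.pem
</VirtualHost>"""

ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
OLD = {"SSLv3", "TLSv1", "TLSv1.1"}
WEAK = re.compile(r"RC4|MD5|DES|NULL|EXP", re.I)  # RC4 and MD5 are the page's examples

def directives(conf):
    # Map lowercased directive name -> argument list (last occurrence wins).
    out = {}
    for line in conf.splitlines():
        parts = line.split("#")[0].split()
        if parts and not parts[0].startswith("<"):
            out[parts[0].lower()] = parts[1:]
    return out

def enabled_protocols(tokens):
    # mod_ssl semantics: a bare name replaces the set, +name adds, -name removes.
    active = set()
    for tok in tokens:
        name = tok.lstrip("+-").lower()
        proto = ALL if name == "all" else {p for p in ALL if p.lower() == name}
        if tok[0] == "-":
            active = active - proto
        else:
            active = active | proto if tok[0] == "+" else set(proto)
    return active

def audit(conf):
    d, findings = directives(conf), []
    if (d.get("sslengine") or [""])[0].lower() != "on":
        findings.append("step 1: SSLEngine is not on")
    old = enabled_protocols(d.get("sslprotocol", ["all"])) & OLD  # assumption: unset == "all"
    if old:
        findings.append("step 1: old protocols enabled: " + ", ".join(sorted(old)))
    ciphers = ":".join(d.get("sslciphersuite", [])).split(":")
    weak = [c for c in ciphers if c and c[0] not in "!-" and WEAK.search(c)]
    if weak:
        findings.append("step 2: weak ciphers enabled: " + ", ".join(weak))
    names = ("SSLCertificateFile", "SSLCertificateKeyFile")
    findings += ["step 3: missing " + k for k in names if k.lower() not in d]
    return findings
```

Calling `audit(SAMPLE_WEAK)` reports the old protocols, the RC4-MD5 suite and the missing key file. It only reads the config text, so it complements rather than replaces testing the live server.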


You must absolutely test and re-test your webpages. This way you will ensure your website does not have an insecure configuration and is up to current security standards. Below are links to the popular SSL Labs and other tools.

TLDR Conclusion

To secure your webpage with HTTPS you must enable TLS on the webserver, configure secure ciphers and install an SSL certificate.

Further reading

Roman, Date: 2018-09-11 14:00:00 UTC