Certification authority (CA)
A certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 standard.
How it works
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
The key principles behind Let’s Encrypt are:
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
- Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
How To Enable Free HTTPS on your website
To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain.
To figure out what method will work best for you, you will need to know whether you have shell access (also known as SSH access) to your web host. If you manage your website entirely through a control panel like cPanel, Plesk, or WordPress, there’s a good chance you don’t have shell access. You can ask your hosting provider to be sure.
We recommend that most people with shell access use the Certbot ACME client. It can automate certificate issuance and installation with no downtime. It also has expert modes for people who don’t want autoconfiguration. It’s easy to use, works on many operating systems, and has great documentation. Visit the Certbot site to get customized instructions for your operating system and web
- First get a public IP by creating a VPS on any cloud service.
- Give a DNS name to that public IP.
- You need some debug tools, which are usually available through apt-get. Download the following tools:
- Apply to the Certification Authority for a certificate with the command:
certbot -d <DNS name> --manual --preferred-challenges dns certonly
This command will ask for some details and for DNS verification. Complete both, and if the CA authorizes the request, the certificates will be saved in:
- Activate Apache SSL module by the command
sudo a2enmod ssl
- Then restart the Apache service:
sudo service apache2 restart
- Open the default SSL configuration file to configure Apache:
sudo nano /etc/apache2/sites-available/default-ssl.conf
- Edit the following fields in the file:
ServerAdmin [email protected]
ServerName your_domain.com
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
- Activate the SSL virtual host as:
sudo a2ensite default-ssl.conf
- Restart Apache to implement the changes:
sudo service apache2 restart
- The HTTPS server is ready to use; test it with a browser.
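As an added example (not part of the original article), the shell functions below check the virtual host file edited above before Apache is restarted: they read SSLCertificateFile and SSLCertificateKeyFile, confirm both files exist, confirm the private key is not accessible to group or other, and, when openssl is installed, confirm the key matches the certificate. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the article): pre-restart check of the TLS
# directives in an Apache vhost file such as default-ssl.conf.

# Print the first value of directive $2 in file $1. Directive names are
# case-insensitive; commented lines are skipped because field 1 starts with '#'.
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed only if file $1 (symlinks followed) grants nothing to group or other.
is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if certificate $1 and private key $2 hold the same public key.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Check the vhost file $1; print each problem and return non-zero if any.
check_vhost() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }
    cert=$(directive "$conf" SSLCertificateFile)
    key=$(directive "$conf" SSLCertificateKeyFile)
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "FAIL: SSLCertificateFile missing: $cert"; rc=1
    fi
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: SSLCertificateKeyFile missing: $key"; return 1
    fi
    is_private "$key" || { echo "FAIL: $key is accessible to group/other"; rc=1; }
    # The key/certificate comparison needs openssl; skipped if not installed.
    if [ "$rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
        key_matches_cert "$cert" "$key" ||
            { echo "FAIL: private key does not match certificate"; rc=1; }
    fi
    return "$rc"
}

# Run against a file when one is given, e.g.:
#   sudo sh check_vhost.sh /etc/apache2/sites-available/default-ssl.conf
if [ "$#" -gt 0 ]; then check_vhost "$1"; fi
```

A mismatched key and certificate is a common reason Apache refuses to start after this kind of edit, so running the check first avoids taking the site down on restart.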
Article credit : Vishal C. Poddar.