Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
Following are the ways we apply SSL in various frameworks.
Rails
SSL can be configured on a Rails stack from the Cloud 66 console using the following steps.
Elastic Beanstalk - NodeJS
This section configures SSL for a NodeJS application deployed on an AWS Elastic Beanstalk environment behind an Application Load Balancer. This will be done in 2 parts. These are:
- Creating an SSL certificate using AWS Certificate Manager (ACM).
- Configuring SSL to your load balancers.
You will need an AWS account for this. If you don’t have one, create one.
Creating a certificate
- Log in to the AWS console.
- Click the Services option in the top left corner, then under the Security, Identity, & Compliance heading go to Certificate Manager.
- On the ACM page, select Provision certificates.
- Keep the default selection checked (Request a public certificate) and click the Request a certificate button.
- Add the full domain name you have purchased and click Next.
- In the Select Validation method, select DNS Validation and click Review.
- Review the selected values for Domain name and Validation and click the Confirm and request button.
- It takes some time, around 5–10 minutes, for Amazon to issue the certificate. In the meantime, add the highlighted CNAME record values to the DNS configuration for your domain and click Continue.
  NOTE: The CNAME records have to be added on your DNS provider's platform. This might be done automatically if your domain is hosted on Route 53.
Adding SSL to Load Balancers
- Go to Services > Under Compute heading > Select EC2 (Elastic Compute Cloud).
- On the left panel of the EC2 page, under Load balancing, select Load Balancers.
- Select your desired environment (if multiple), and under the Listeners tab click Add Listener.
- Change the protocol and port to HTTPS and 443 respectively. Then under the Default action(s) section, click + add action, select the Forward to… option, select your application name and click the ☑ button. After that, select the default SSL certificate from the dropdown and click the Save button at the top.
By doing this, anybody who visits the https://<your_domain>.<extension> URL will be forwarded to our Angular application over the HTTPS protocol. But what if someone comes to the http:// URL of our application? For this, we have to redirect that traffic to https://. We will see how in the next steps below:
- For the same environment, again under the Listeners tab, select the HTTP option and click the Edit button.
- Here you don’t have to change the protocol; instead, you just have to add the default action(s) as Redirect to… and fill in the port number as 443 next to the HTTPS dropdown > click the ☑ button > click Update.
- Stay on the same page and, from the left pane under the Network & Security heading, select Security groups.
- Select one instance of EC2 > Choose Inbound > Click Edit (popup opens) > Click Add rule > Select HTTPS from the dropdown > Click Save.
- Repeat step 8 for the other instances as well. Wait for a while, around 10 minutes maybe, and then check your_domain.ext; it should work!
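One way to check the result of the listener steps above, as an added example that is not part of the original page: the script audits listener JSON in the shape returned by `aws elbv2 describe-listeners`. The sample input and its placeholder ARNs are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape `aws elbv2 describe-listeners` returns.
# ARNs are placeholders. The HTTP listener still forwards: the state
# before the redirect step of the walkthrough has been applied.
SAMPLE = json.loads("""
{"Listeners": [
  {"Port": 443, "Protocol": "HTTPS",
   "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}],
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER"}]},
  {"Port": 80, "Protocol": "HTTP",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:PLACEHOLDER"}]}
]}
""")


def redirects_to_https(action):
    """True if a listener action is a redirect to HTTPS on port 443."""
    cfg = action.get("RedirectConfig", {})
    return (action.get("Type") == "redirect"
            and cfg.get("Protocol") == "HTTPS"
            and str(cfg.get("Port")) == "443")


def audit_listeners(doc):
    """Return findings; an empty list means the listeners match the steps."""
    findings = []
    listeners = doc.get("Listeners", [])
    https = [l for l in listeners if l.get("Protocol") == "HTTPS"]
    if not any(l.get("Port") == 443 for l in https):
        findings.append("no HTTPS listener on port 443")
    for l in https:
        if not l.get("Certificates"):
            findings.append(f"HTTPS listener on port {l.get('Port')} has no certificate")
    for l in listeners:
        if l.get("Protocol") != "HTTP":
            continue
        # Without a redirect action, this listener answers over plaintext HTTP.
        if not any(redirects_to_https(a) for a in l.get("DefaultActions", [])):
            findings.append(f"HTTP listener on port {l.get('Port')} does not redirect to HTTPS:443")
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE) or ["listeners match the walkthrough"]:
        print(finding)
```

To check a real environment, save the output of `aws elbv2 describe-listeners --load-balancer-arn <your_load_balancer_arn>` and pass the parsed JSON to `audit_listeners`.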