SSL

Created: Apr 8, 2022 8:17 AM
Department: Engineering
Category: Security
Technology: Ruby on Rails, AWS

Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.

The following sections describe how we apply SSL in various frameworks.

Rails

SSL can be configured on a Rails stack from the Cloud66 console using the following steps.

  1. On the stack page, add an Add-In from the Add-Ins menu.
  2. Find the SSL add-in in the networking menu and click INSTALL NOW.
  3. In the New SSL Certificate Information, select LetsEncrypt.
  4. Enter the allowed domains (complete domain name) and click Add LetsEncrypt SSL.

Elastic Beanstalk - NodeJS

This section configures SSL for a NodeJS application deployed on an AWS Elastic Beanstalk environment behind an Application Load Balancer. It is done in 2 parts:

  1. Creating an SSL certificate using AWS Certificate Manager (ACM).
  2. Configuring SSL to your load balancers.

You will need an AWS account for this. If you don’t have one, create one.

Creating a Certificate
  1. Log in to the AWS console.
  2. Click the Services option in the top left corner, then under the Security, Identity, & Compliance heading go to Certificate Manager.
  3. On the ACM page, select Provision certificates.
  4. Keep the default selection checked (Request a public certificate) and click the Request a certificate button.
  5. Add the full domain name you have purchased and click Next.
  6. In the Select Validation method, select DNS Validation and click Review.
  7. Review the selected values for Domain name and Validation and click the Confirm and request button.
  8. Amazon takes around 5–10 minutes to issue the certificate. In the meantime, add the highlighted CNAME record values to the DNS configuration for your domain and click Continue.

NOTE: To add CNAME records, you have to add them on your DNS provider's platform. This might be done automatically if your domain is hosted on Route 53.

Adding SSL to Load Balancers
  1. Go to Services > Under Compute heading > Select EC2 (Elastic Compute Cloud).
  2. On the left panel of the EC2 page, under Load balancing, select Load Balancers.
  3. Select your desired environment (if multiple), and under the Listeners tab click Add Listener.
  4. Change the protocol and port to HTTPS and 443 respectively. Then, under the Default action(s) section, click + add action, select the Forward to… option, select your application name, and click the button. After that, select the default SSL certificate from the dropdown and click the Save button at the top.

    With this in place, anybody who visits the https://<your_domain>.<extension> URL is forwarded to our Angular application over the HTTPS protocol. But what if someone comes to the http:// URL of our application? For this, we have to redirect that traffic to https://, as described in the next steps:

  5. For the same environment, again under the Listeners tab, select the HTTP option and click the Edit button.
  6. Here you don't have to change the protocol; instead, just add the default action(s) as Redirect to… and fill in the port number as 443 next to the HTTPS dropdown > click the button > click Update.
  7. Stay on the same page and, from the left pane under the Network & Security heading, select Security groups.
  8. Select one instance of EC2 > Choose Inbound > Click Edit (popup opens) > Click Add rule > Select HTTPS from the dropdown > Click Save.
  9. Repeat step 8 for the other instances as well. Wait a while, around 10 minutes, and then check your_domain.ext; it should work!
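
The listener setup from the steps above can also be checked from the JSON that `aws elbv2 describe-listeners --load-balancer-arn <arn>` returns, instead of clicking through the console. The following is an added example, not part of the original page: the function names are hypothetical, and the sample document and its ARNs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# The ARNs are placeholders, not real resources.
SAMPLE = json.loads("""
{"Listeners": [
  {"Protocol": "HTTPS", "Port": 443,
   "Certificates": [{"CertificateArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}],
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:aws:elasticloadbalancing:PLACEHOLDER"}]},
  {"Protocol": "HTTP", "Port": 80,
   "DefaultActions": [{"Type": "redirect",
     "RedirectConfig": {"Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}]}
]}
""")


def is_https_redirect(action):
    """True only if the action redirects to HTTPS on port 443."""
    cfg = action.get("RedirectConfig", {})
    # "#{protocol}" / "#{port}" keep the original scheme, so they do not count.
    return (action.get("Type") == "redirect"
            and cfg.get("Protocol") == "HTTPS"
            and cfg.get("Port") == "443")


def audit_listeners(doc):
    """Return findings; an empty list means the listeners match the steps above."""
    findings = []
    listeners = doc.get("Listeners", [])
    https = [l for l in listeners
             if l.get("Protocol") == "HTTPS" and l.get("Port") == 443]
    if not https:
        findings.append("no HTTPS listener on port 443")
    for lst in https:
        if not lst.get("Certificates"):
            findings.append("HTTPS:443 has no certificate attached")
        if not any(a.get("Type") == "forward" for a in lst.get("DefaultActions", [])):
            findings.append("HTTPS:443 does not forward to the application")
    for lst in listeners:
        if lst.get("Protocol") == "HTTP" and not any(
                is_https_redirect(a) for a in lst.get("DefaultActions", [])):
            findings.append(f"HTTP:{lst.get('Port')} does not redirect to HTTPS:443")
    return findings


if __name__ == "__main__":
    print(audit_listeners(SAMPLE) or "listeners match the documented setup")
```

An HTTP listener that still forwards to the application, or whose redirect keeps the original protocol, is reported as a finding because plain-HTTP visitors would never be upgraded to HTTPS.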