Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.
Following are the ways we apply SSL in various frameworks.
SSL can be configured on a Rails stack from the Cloud66 console using the following steps.
- On the stack page, add an Add-In from the Add-Ins menu.
- Find the SSL add-in in the networking menu and click INSTALL NOW.
- In the New SSL Certificate Information select LetsEncrypt.
- Enter the allowed domains (complete domain name) and click Add LetsEncrypt SSL.
The following configures SSL for a NodeJS application deployed on an Application Load Balanced AWS Elastic Beanstalk application. This will be done in 2 parts. These are:
- Creating an SSL certificate using AWS Certificate Manager (ACM).
- Configuring SSL to your load balancers.
You will need an AWS account for this. If you don’t have one, create one.
- Login to AWS console.
- Click on the Services option on the top left corner, then under Security, Identity, & Compliance heading go to Certificate Manager.
- On the ACM page select Provision certificates.
- Keep the default selection checked (Request a public certificate) and click on the Request a certificate button.
- Add the full domain name you have purchased and click Next.
- In the Select Validation method, select DNS Validation and click on Review.
- Review the selected values for Domain name and Validation and click the Confirm and request button.
- It takes around 5–10 minutes for the certificate to be issued by Amazon. In the meantime, add the highlighted CNAME record values to the DNS configuration for your domain and click Continue.
NOTE: To add CNAME records, you have to add them on your DNS provider's platform. This might be done automatically if your domain is hosted on Route 53.
- Go to Services > Under Compute heading > Select EC2 (Elastic Compute Cloud).
- On the left panel of the EC2 page, under Load balancing, select Load Balancers.
- Select your desired environment (if multiple), and under the Listeners tab click Add Listener.
- Change the protocol and port to HTTPS and 443 respectively. Then under the Default action(s) section, click + add action, select the Forward to… option, select your application name and click the ☑ button. After that, select the default SSL certificate from the dropdown and click on the Save button at the top.
- For the same environment, again under the Listener’s tab, select the HTTP option and click the Edit button.
- Here you don’t have to change the protocol. Instead, you just have to add the default action(s) as Redirect to… and fill in the port number as 443 next to the HTTPS dropdown > click on the ☑ button > click on Update.
- Stay on the same page and, from the left pane under the Network & Security heading, select Security groups.
- Select one instance of EC2 > Choose Inbound > Click Edit (popup opens) > Click Add rule > Select HTTPS from the dropdown > Click Save.
- Repeat step 8 for other instances as well. Wait for a while, maybe around 10 minutes, and then check your_domain.ext; it should work!
By doing this, anybody who visits the https://<your_domain>.<extension> URL will be forwarded to our Angular application under the HTTPS protocol. But what if someone comes to the http:// URL of our application? For this, we have to redirect our traffic to https://. We will see it in the next steps below: