Securing Your Web EDMS Server with HTTPS
"Https allows you to have a secure connection to your web site over an insecure internet."
What is HTTPS?
HTTPS is a way to make your web connection secure. Many people are concerned about using Wi-Fi in public places such as coffee shops, airports and train stations. They worry that their information may be stolen, which in many cases is true. What they often overlook is that no place on the internet is absolutely secure. There are places where it is harder for somebody to intercept your information, and places that are not secured at all.
One way to secure your connection to the server is to use HTTPS (HTTP carried over SSL/TLS, and often simply called SSL or TLS). It basically means a secure website. It encrypts the communication between your device and the target website, so even if you're at a coffee shop, nobody can read the information you're working with while it is in transit. It is encrypted end to end between your browser and the server.
However, HTTPS does more than that. It provides you with secure:
- authentication
- data encryption
Authentication can help you be sure that the server you're connecting to really is yours, by checking the certificate issued by a trusted certificate authority.
Why Do I Need a Certificate?
OK, the first thing you need to do is obtain a certificate. Let's look a bit closer at why you need a certificate at all. The certificate shows that you have a legitimate web server rather than a spammy or hacker site. The certificate is itself digitally signed, for example by VeriSign, and their public key is embedded in your browser up front, before you even install it.
When you log in to your web server, it presents a certificate to your browser. Next, your browser checks that it is digitally signed, using public keys that are available to everyone. After that, it exchanges some information with the certificate authority about who this certificate was issued to and whether it is still valid, checks its expiration date, and does other things like that.
If one of these checks does not pass, for example because your certificate has expired, the browser throws a warning and marks your connection as insecure. Otherwise, if everything is good, you'll see a green lock in your address bar, meaning that you have a secure and encrypted connection.
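The validity-period and server-name checks described above can also be run from a script, for example to catch a certificate that is about to expire before the browser starts warning users. This is an added example, not part of the original article or of FossLook; the function names, the 30-day warning window and the host edms.example.test are assumptions made for illustration.

```python
import socket
import ssl
import time

# Constructed sample in the format returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "edms.example.test"), ("DNS", "*.docs.example.test")),
}

def fetch_cert(host, port=443, timeout=5.0):
    """Connect with chain and hostname verification on; return the parsed certificate."""
    ctx = ssl.create_default_context()  # trusts the system CA store, like a browser
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def check_cert(cert, host, now=None, warn_days=30):
    """Return a list of problems found; an empty list means the checks passed."""
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now > not_after:
        problems.append("expired")
    elif not_after - now < warn_days * 86400:
        problems.append(f"expires within {warn_days} days")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, host) for name in names):
        problems.append("hostname not in certificate")
    return problems

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Dec 15 00:00:00 2024 GMT")
    print(check_cert(SAMPLE_CERT, "edms.example.test", now=now))
```

Against a live server, pass the result of fetch_cert(host) to check_cert. With a self-signed test certificate, fetch_cert raises ssl.SSLCertVerificationError, which is the script equivalent of the browser warning.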
Obtaining a Certificate
Of all the certificate providers, in our experience startssl.com makes obtaining a certificate a very simple and straightforward process. After registering there, you need to obtain a set of keys (ssl.key, ssl.key.crypted, ssl.crt) using the certificates wizard. Then you have to convert them to a .pfx file. After that, all you need to do is configure your web server.
But, just for testing, you can generate a self-signed certificate and try it out. Simply go to www.cert-depot.com, generate a certificate, and then add it in the server settings. The whole process will take you no more than 2 clicks.
Note: You won't get a green lock in the browser when using a self-signed certificate. Just click "Continue to this website" when you see the warning about an invalid certificate.
Setting up HTTPS in FossLook Web Server
Once you've got your certificate, you need to install it in your web server. In FossLook Administrator, go to the "Web server settings" tab and, in the "HTTPS Settings" section, select the "Use" checkbox.
A form will pop up where you need to specify the path to your certificate file and enter a password.
After that, the web server is restarted, and if your certificate passes validation you'll see a green confirmation icon showing that everything is OK and your web server can now work over HTTPS.
Finally, you can open your browser, enter the web server URL into the address bar, and see that your communication with the server is now fully secured and encrypted.
Once you've finished setting up your web server and given it internet access, we really recommend that you visit a site called ssl-labs.com. The front page has a link that says "Test your server", which runs a really superb set of checks on how you configured your server. It gives you advice on what to do better and, when everything is done, a report card with grades. Overall it's an awesome service that we recommend you check out.