Enable Free HTTPS for Your Website with Cloudflare

To enable HTTPS you'll need a server certificate that is either signed by a recognized authority or self-signed. A well-recognized authority is generally better, because self-signed certificates are flagged by most modern browsers and your users will get a security warning before entering your site.

DigiCert is a well-known authority for certifying servers. This is important for gaining users' trust that your server is the one it claims to be. Major brands like Facebook, Google, Microsoft, IBM, Amazon and many more use DigiCert to certify their servers. You may also buy certificates from other well-known authorities like VeriSign, Thawte, Comodo etc.

But if you want a FREE solution like me, there are options for you too. If you're using HTTPS mainly for your own use (e.g. securing your admin panel), you might like to self-sign your certificate. Otherwise, there are providers like Cloudflare that provide SSL certificates for free, along with performance optimization and other cool features like a free CDN.

Sign up for Cloudflare and set up your domain

Go to Cloudflare and add your website there. Update your domain's DNS entries to point to Cloudflare, then enable SSL in your Cloudflare settings.

Cloudflare has several options to enable https for your website.

Cloudflare SSL Options

Flexible SSL: There is an encrypted connection between your site visitors and CloudFlare, but not from CloudFlare to your server. You do not need an SSL certificate on your server. Visitors will see the SSL lock icon in their browser.

Full SSL: Encrypts the connection between your site visitors and CloudFlare, and from CloudFlare to your server. You will need to have an SSL certificate on your server. However, CloudFlare will not attempt to validate the certificate (certificates may be self-signed). Visitors will see the SSL lock icon in their browser.

Full SSL (strict): Encrypts the connection between your site visitors and CloudFlare, and from CloudFlare to your server. You will need to have a valid SSL certificate installed on your server, and the certificate must be signed by a trusted certificate authority and have not expired. Visitors will see the SSL lock icon in their browser.

Let's go with Full SSL

We will use Full SSL here: it is free, and the connection from Cloudflare to your server is also encrypted, using your self-signed certificate. As noted above, Cloudflare does not validate the server's certificate in this mode; only Full SSL (strict) does. So select the Full SSL option in your site's Cloudflare configuration. After that you need to create and enable a self-signed certificate on your own server.

Self Sign Your Server Certificate

Use the following command to install OpenSSL on your Ubuntu server:

sudo apt-get install openssl

Now create a directory to keep the certificate files:

sudo mkdir /usr/ssl/
cd /usr/ssl/

When creating the certificate, you will be asked for your information along with a common name. Use the full domain/subdomain name you want to have SSL enabled for. For example, use *.example.com to cover all subdomains of example.com.

Now let's create the server private key; you'll be asked for a passphrase:

# 2048-bit RSA key (1024-bit RSA is no longer considered secure); sudo because /usr/ssl/ is owned by root
sudo openssl genrsa -des3 -out server.key 2048

Create the Certificate Signing Request (CSR):

sudo openssl req -new -key server.key -out server.csr

Remove the need to enter a passphrase when starting nginx with SSL using the above private key. The resulting server.key is stored unencrypted, so keep it readable only by root:

sudo cp server.key server.key.protected
sudo openssl rsa -in server.key.protected -out server.key

Finally, sign the certificate using the above private key and CSR, with a validity of 5 years:

sudo openssl x509 -req -days 1825 -in server.csr -signkey server.key -out server.crt
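The key, CSR and signing steps above can also be run without prompts and then checked before the certificate is handed to the web server. The script below is an added example, not part of the original post: it skips the passphrase (which the steps above remove anyway), and the temporary directory and the *.example.com common name are constructed sample values.

```shell
#!/usr/bin/env bash
# Added example: non-interactive key -> CSR -> self-signed certificate,
# followed by checks on the result. Paths and CN are constructed samples.
set -eu

make_origin_cert() {   # usage: make_origin_cert DIR COMMON_NAME
  local dir=$1 cn=$2
  mkdir -p "$dir"
  ( umask 077          # private key is created readable by its owner only
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null )
  openssl req -new -key "$dir/server.key" -subj "/CN=$cn" -out "$dir/server.csr"
  openssl x509 -req -days 1825 -in "$dir/server.csr" \
    -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

check_origin_cert() {  # usage: check_origin_cert DIR ; non-zero if a check fails
  local dir=$1 key_pub crt_pub bits
  # 1. The certificate must contain the public half of server.key.
  key_pub=$(openssl pkey -in "$dir/server.key" -pubout | openssl sha256)
  crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey | openssl sha256)
  [ "$key_pub" = "$crt_pub" ] || { echo "key and certificate do not match"; return 1; }
  # 2. The RSA key must be at least 2048 bits.
  bits=$(openssl x509 -in "$dir/server.crt" -noout -text |
         sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "$bits" -ge 2048 ] || { echo "key too small: $bits bits"; return 1; }
  # 3. The certificate must still be valid 30 days from now.
  openssl x509 -in "$dir/server.crt" -noout -checkend $((30 * 24 * 3600)) >/dev/null ||
    { echo "certificate expires within 30 days"; return 1; }
  echo "ok: ${bits}-bit key, matches certificate, not near expiry"
}

# Demo run in a throwaway directory (constructed sample input).
demo_dir=$(mktemp -d)
make_origin_cert "$demo_dir" "*.example.com"
check_origin_cert "$demo_dir"
rm -rf "$demo_dir"
```

Running check_origin_cert from cron against the real certificate directory gives early warning before the 5-year certificate expires.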

Now that your certificate is created, you need to configure your web server software, be it Apache or nginx, to use this certificate for HTTPS requests. I'm a fan of nginx, so the next article will show you how to configure nginx for serving HTTPS traffic.

Configure Nginx for Serving HTTPS

The following post will guide you through the process:

Configure Nginx for Serving HTTPS