Securing your Web server with SSL/TLS


Aurich Lawson

This is the second part of an ongoing guide to building a home Web server. In part one, we stood up a Linux server or virtual machine and installed Nginx, the powerful event-driven open source Web server behind some of the biggest sites on the Internet today (not to mention Ars Technica!). In this section, we’ll continue configuring the server by adding SSL/TLS encryption, enabling it to serve pages via HTTPS.

If you’ve followed the steps we laid out in our initial feature, you’ve got a safe Nginx server all set up and working. It’s serving your static pages without any issue. We don’t yet have a database, PHP, or anything running on it, but we are ready to take the next step: equipping your Web server with SSL/TLS so that you have the option of serving files via HTTPS.

Using HTTPS doesn’t just mean that your traffic is encrypted—encryption is only half of the story, and it’s useless without authentication. What good is it to encrypt something between two parties if you can’t be sure of the identity of the person to whom you’re talking? Consequently, being able to serve HTTPS traffic means you must possess a cryptographic certificate attesting to your identity. Acquiring such a certificate requires you to prove your identity to one of many Certificate Authorities, or CAs.

Read more at Ars Technica