Going Green on Saint Patrick's Day

March 17 2017

One of my top priorities when building this site was to install an SSL (Secure Sockets Layer) certificate. You’ll notice that when visiting this site the address bar should now display a lock. In Chrome, this lock is green. While generally SSL certs are more appropriate for sites that you enter data into, I still felt that appropriate encryption is something all sites should have, regardless of whether they’re read-only (like this one).

A note on installing the actual certificate. While I have a high-level understanding of how the TLS handshake is performed, I found the installation process laughably unintuitive. Generating a public/private key pair was trivial, but actually creating the cert was terrible. For those that haven’t installed a certificate (which I imagine is most people given this process is archaic at best), I’ll provide a little background. A cert file, aka certificate chain, is a concatenation of a web server certificate which is issued to you by your CA (certificate authority), an intermediate certificate, and the CA’s certificate. Don’t go getting flustered with the term certificate either. It’s literally just a generated string of gibberish (well not gibberish but that’s beyond the scope of this post). The concatenation of these certs is as simple as opening up a text editor, think Word, and copy-pasting these files together in one page. Lastly, these contain only PUBLIC KEYS, which means you can find them online!
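As an added example (not from the original post), this Python script puts a pasted bundle into the order listed above, server certificate first, and reports a bundle whose intermediate is missing. It matches issuer and subject names only and does not verify signatures; the function names and the certificate-shaped sample data are constructed for illustration.

```python
import base64, re
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(cert):
    """Return (issuer, subject) as raw DER Name bytes of one X.509 certificate."""
    _, pos, _ = tlv(cert, 0)       # outer Certificate SEQUENCE
    _, pos, end = tlv(cert, pos)   # TBSCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = tlv(cert, pos)
        if tag != 0xA0:            # skip the optional [0] version field
            fields.append(cert[pos:nxt])
        pos = nxt
    return fields[2], fields[4]    # serial, sigAlg, issuer, validity, subject

def order_chain(pem_text):
    """Order a bundle server -> intermediate(s) -> root; fail on a missing link."""
    certs = [names(base64.b64decode(m.group(1))) + (m.group(0),)
             for m in PEM.finditer(pem_text)]
    issuers = {issuer for issuer, _, _ in certs}
    chain = [c for c in certs if c[0] != c[1] and c[1] not in issuers]
    if len(chain) != 1:
        raise ValueError("expected exactly one server certificate")
    while chain[-1][0] != chain[-1][1]:        # stop at the self-signed root
        parent = [c for c in certs if c[1] == chain[-1][0]]
        if not parent or parent[0] in chain:   # missing link, or a naming loop
            raise ValueError("chain incomplete: issuer certificate missing")
        chain.append(parent[0])
    return "\n".join(pem for _, _, pem in chain) + "\n"

enc = lambda tag, body: bytes([tag, len(body)]) + body  # short-form DER, samples only
def sample(subject, issuer):
    """Constructed input: certificate-shaped DER with no real key or signature."""
    name = lambda cn: enc(0x30, enc(0x0C, cn.encode()))  # Name reduced to one string
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01")
              + enc(0x30, b"") + name(issuer) + enc(0x30, b"") + name(subject))
    b64 = base64.encodebytes(enc(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----"

ROOT, MID = sample("Test Root", "Test Root"), sample("Test Sub CA", "Test Root")
LEAF = sample("example.test", "Test Sub CA")
```

Calling order_chain on ROOT, LEAF and MID pasted in any order returns them as LEAF, MID, ROOT; leaving MID out raises the "chain incomplete" error.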

Okay, now we know what a certificate should generally look like. As a CA you should be able to concat all these things for me, right? Evidently not. I received an email containing the web server cert. Makes sense, I’m fine with that, but where are the intermediate and CA certs? Well apparently you have to navigate around your CA’s 90s-era website to find them. Why? They know when I made my purchase, they know it’s SHA-2, why can’t they give me both of these in the email? Even a hyperlink to these pages would be fine. Google-fu shouldn’t be a requirement!

In any event, the price point was great so maybe I’m just being too cynical. Oh well, Happy Saint Patrick’s Day!