General Discussion

An important topic I haven't seen "touched" yet: "Creating/installing SSL Certs"

I haven't seen any content related to creating Self-Signed and/or installing CA Issued Certs...

It is an important part of development/hosting and IMHO SSL certs are "required" by most sites (unless you plan to offload everything "payment related" to a payment gateway, or don't plan to secure "Registration" or "login" screens); and people should know how to do it via command line/console (without a control panel), as Control Panels vary widely, and may not be available... in (Internal) Hosting, corporate & banking settings, control panels are often a luxury, and you are expected to know how to do without... Furthermore, knowing how to do it manually, will make using control panels to do it easier, as you know exactly what to look for.

For POSIX: It would be nice to see both OpenSSL and the Apache directives covered.

(Not sure if IIS will be on Treehouse or not, but... that would be nice too... because in the "real world", you're likely to encounter both Apache and IIS)

4 Answers

An example for creating a self-signed SSL cert (for test or "internal" (intranet) use only):

In the console...

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/apache2/ssl/host.domain.tld.key -out /etc/apache2/ssl/host.domain.tld.crt

Answer the questions (Note: State/Province MUST be Spelled out... NO postal abbreviations)... not really for this example, but if you are dealing with a CA, you must, so it's best to get in the habit.

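*** Example Directive

DocumentRoot /path/to/virtual/web/
# ServerName should match the host name the certificate was issued for
ServerName host.domain.tld
<Directory "/path/to/virtual/web/">
    # Apache 2.2 access syntax; on Apache 2.4 the equivalent is "Require all granted"
    allow from all
    # +Indexes turns on directory listings for this path
    Options +Indexes
</Directory>
# Requires mod_ssl to be loaded
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/host.domain.tld.crt
SSLCertificateKeyFile /etc/apache2/ssl/host.domain.tld.key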

If your browser throws a "trust" warning, you know it's set up properly... For internal use you can control what's "trusted", or just add a "security exception" to your browser. For external (customer facing) you'll want to get a cert issued by a CA.

For "Real" or Certifying Authority issued certs, Thawte (One of Many CAs like Verisign, NetSol, GeoTrust, etc.) has pretty easy step by step guides:

Apache: http://www.thawte.com/resources/video/install-ssl-certificates-apache.html

IIS: http://www.thawte.com/resources/video/install-ssl-certificates-iis7.html

@Treehouse Staff: Feel free to delete any part of, or the entire post if you have this covered, or feel it's out of place... I don't want to step on anyone's toes.
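An added example, not part of the original posts: a non-interactive form of the self-signed command above, plus checks that the certificate and key belong together, cover the host name and have not expired. The subject values, the subjectAltName extension and the scratch directory are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post). Subject values and the
# scratch directory are constructed; adjust them for your own host.

# make_selfsigned HOST DIR: non-interactive version of the post's command.
make_selfsigned() {
    host=$1 dir=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # umask in a subshell so the private key is never created world-readable.
    (
        umask 077
        openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
            -keyout "$dir/$host.key" -out "$dir/$host.crt" \
            -subj "/C=US/ST=California/O=Example Intranet/CN=$host" \
            -addext "subjectAltName=DNS:$host" 2>/dev/null
    )
}

# cert_matches_key CRT KEY: succeed only if both hold the same public key,
# i.e. SSLCertificateFile and SSLCertificateKeyFile belong together.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_covers_host CRT HOST: succeed if the certificate is valid for HOST
# (the name the browser compares against the URL, i.e. ServerName).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q ' does match certificate'
}

# cert_not_expired CRT: succeed if the certificate is still within validity.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Demo in a scratch directory (the post writes to /etc/apache2/ssl with sudo).
demo_dir=$(mktemp -d)
make_selfsigned host.domain.tld "$demo_dir" &&
    cert_matches_key "$demo_dir/host.domain.tld.crt" "$demo_dir/host.domain.tld.key" &&
    cert_covers_host "$demo_dir/host.domain.tld.crt" host.domain.tld &&
    cert_not_expired "$demo_dir/host.domain.tld.crt" &&
    echo "certificate and key are consistent"
rm -rf "$demo_dir"
```

Running the same three checks against the files named in `SSLCertificateFile` and `SSLCertificateKeyFile` before reloading Apache catches a mismatched pair or a wrong host name early.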

I am new to Treehouse, but I know that having a secure SSL site or database is important. Will we be discussing how to create these secure sites? I haven't wrapped my head around SSL yet and may first need to know the deeper meaning before I ask my question. I would like to create my own secure sites for my clients. Step-by-step instructions are OK for paid sites, but are there steps for someone wanting to create their own SSL? What software would I need, what coding is used, etc.? I feel Treehouse is a safe place to ask these questions, rather than searching the web on key search words... :) After all, security is the question here.