1
00:00:00,570 --> 00:00:06,190
We've now seen how TLS works in practice, so let's see how to implement it.

2
00:00:06,190 --> 00:00:10,080
Typically, ensuring your site uses HTTPS

3
00:00:10,080 --> 00:00:15,450
requires purchasing certificates for your domain through a certificate provider,

4
00:00:15,450 --> 00:00:19,050
such as the place where you registered or host your domain.

5
00:00:19,050 --> 00:00:24,461
Creating your own certificate is also possible using the most popular

6
00:00:24,461 --> 00:00:30,428
open-source library that implements the SSL and TLS protocols, OpenSSL.

7
00:00:30,428 --> 00:00:33,826
OpenSSL is the de facto TLS implementation and

8
00:00:33,826 --> 00:00:39,980
runs on millions of servers, personal computers, and mobile devices.

9
00:00:39,980 --> 00:00:44,440
However, when you create a certificate with OpenSSL, in

10
00:00:44,440 --> 00:00:49,780
most cases you will end up creating what is known as a self-signed certificate.

11
00:00:49,780 --> 00:00:54,470
This means that your certificate is not verified by the central authorities

12
00:00:54,470 --> 00:00:58,370
on the Internet, who work together to keep the Internet's HTTPS

13
00:00:59,700 --> 00:01:02,510
ecosystem safe and functional.

14
00:01:02,510 --> 00:01:08,272
When you do this, web browsers will see your server's self-signed certificate and

15
00:01:08,272 --> 00:01:12,523
will often show a warning that this site is not totally secure.

16
00:01:12,523 --> 00:01:15,085
You may have seen this in your own web browser,

17
00:01:15,085 --> 00:01:18,160
and it definitely can turn users away.

18
00:01:18,160 --> 00:01:23,490
Because of this, most developers purchase certificates from authorities that provide

19
00:01:23,490 --> 00:01:28,370
certified and trusted certificates that you can install on your domain.

20
00:01:29,380 --> 00:01:32,790
Thankfully, there are now more options for doing this.

21
00:01:32,790 --> 00:01:36,160
Two of the most popular choices are Let's Encrypt and

22
00:01:36,160 --> 00:01:38,860
content delivery networks, such as Cloudflare.

23
00:01:40,580 --> 00:01:45,970
Let's Encrypt was launched in 2016 and is a partnership between many

24
00:01:45,970 --> 00:01:51,390
prominent Internet companies, including Akamai and Cisco Systems.

25
00:01:51,390 --> 00:01:56,390
Let's Encrypt now offers three trusted certificates that you can install on your

26
00:01:56,390 --> 00:02:02,770
own application's services and APIs using a simple command-line interface.

27
00:02:02,770 --> 00:02:08,190
Let's Encrypt also allows you to configure the certificates to renew automatically.

28
00:02:08,190 --> 00:02:11,140
And there is virtually no limit to the number of certificates

29
00:02:11,140 --> 00:02:12,960
that you can register.

30
00:02:12,960 --> 00:02:17,730
Let's Encrypt is quickly becoming the new standard by which to protect your domains

31
00:02:17,730 --> 00:02:19,330
with TLS.

32
00:02:19,330 --> 00:02:21,850
This is what we recommend learning.

33
00:02:21,850 --> 00:02:26,069
To learn more about Let's Encrypt, check out the teacher's notes for

34
00:02:26,069 --> 00:02:27,165
more resources.

35
00:02:27,165 --> 00:02:31,904
Another option is going through a content delivery network or

36
00:02:31,904 --> 00:02:34,785
CDN provider, such as Cloudflare.

37
00:02:34,785 --> 00:02:40,740
Cloudflare and other services allow you to configure your domain's DNS settings.

38
00:02:40,740 --> 00:02:45,730
They will additionally encrypt all traffic between your users and your server

39
00:02:45,730 --> 00:02:50,786
with TLS, as well as all traffic between your server and Cloudflare.

40
00:02:50,786 --> 00:02:56,477
CDNs, such as Cloudflare, also offer many other perks.

41
00:02:56,477 --> 00:03:01,577
Rate limiting and firewall protections can speed up your web applications and

42
00:03:01,577 --> 00:03:04,270
protect against DDoS attacks.

43
00:03:04,270 --> 00:03:08,350
To get started with Cloudflare, just go to cloudflare.com,

44
00:03:08,350 --> 00:03:13,820
where you can add TLS to an unlimited number of your own domains for free.

45
00:03:13,820 --> 00:03:18,810
If you want more advanced protections and features, you can pay for upgraded plans.

46
00:03:19,890 --> 00:03:24,928
Implementing TLS is a broad topic, and though we won't cover everything here,

47
00:03:24,928 --> 00:03:29,977
we encourage you to explore additional information in the teacher's notes.

48
00:03:29,977 --> 00:03:34,460
You should also check out both Let's Encrypt and Cloudflare.

49
00:03:34,460 --> 00:03:37,898
With cost and ease of use no longer an issue and

50
00:03:37,898 --> 00:03:43,523
the increase in cyber attacks, you should always secure your websites.

51
00:03:43,523 --> 00:03:47,019
If those reasons aren't incentive enough,

52
00:03:47,019 --> 00:03:51,720
remember that Google adds priority to websites using HTTPS.

53
00:03:52,850 --> 00:03:58,010
Many hosting providers offer TLS encryption as an opt-in service, so

54
00:03:58,010 --> 00:04:01,390
that can be an even easier way to get started.

55
00:04:01,390 --> 00:04:03,410
One last thing about TLS,

56
00:04:03,410 --> 00:04:07,680
you'll want to be sure that all the content of your site is encrypted.

57
00:04:07,680 --> 00:04:12,590
That includes media files, third-party scripts, and all other content.

58
00:04:12,590 --> 00:04:16,150
For more information, check the notes associated with this video.