One way to get a free SSL certificate is to migrate DNS control of your domains to CloudFlare. By default, CloudFlare offers a free “Universal SSL”. Under the “crypto” menu, select “Full” for the SSL box.
The process takes 24 hours before your certificate works consistently. After 24 hours have passed, you can force your website to be accessed only through HTTPS. This option is found under page rules. You’ll want to create two rules for your non-SSL URLs, http://yourdomain.com and http://www.yourdomain.com, and turn on “Always use https”.
If you don’t wait to turn on forced HTTPS, your website will work intermittently for 24 hours in 30-minute intervals. But don’t worry, it will start working tomorrow!
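A readiness check for the waiting period described above, as an added example that is not part of the original post: it decides from repeated verified TLS handshakes against both hostnames whether it is safe to turn on “Always use https”. The function names and the 60-minute minimum span (two of the 30-minute intervals) are assumptions, the sample data is constructed, and yourdomain.com is the post's placeholder.

```python
import socket
import ssl

HOSTS = ["yourdomain.com", "www.yourdomain.com"]  # placeholders used in the post

def probe(host, port=443, timeout=5.0):
    """Live check: one TLS handshake with chain and hostname verification."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # includes ssl.SSLError and certificate verification errors
        return False

def ready_to_force_https(results, hosts=HOSTS, min_span_min=60):
    """results: (minutes since first probe, host, handshake_ok) tuples.
    Assumption: clean probes must span two 30-minute intervals per host."""
    blockers = []
    for host in hosts:
        seen = [(t, ok) for t, h, ok in results if h == host]
        failed = [t for t, ok in seen if not ok]
        if not seen:
            blockers.append(f"{host}: no probes")
        elif failed:
            blockers.append(f"{host}: handshake failed at minute(s) {failed}")
        else:
            span = max(t for t, _ in seen) - min(t for t, _ in seen)
            if span < min_span_min:
                blockers.append(f"{host}: probes cover only {span} min")
    return not blockers, blockers

# Constructed sample data, not real measurements.
SAMPLE_EARLY = [
    (0, "yourdomain.com", True), (0, "www.yourdomain.com", True),
    (30, "yourdomain.com", False), (30, "www.yourdomain.com", True),
    (60, "yourdomain.com", True), (60, "www.yourdomain.com", True),
]
SAMPLE_NEXT_DAY = [(m, h, True) for m in (0, 30, 60, 90) for h in HOSTS]

if __name__ == "__main__":
    for name, sample in [("early", SAMPLE_EARLY), ("next day", SAMPLE_NEXT_DAY)]:
        ok, blockers = ready_to_force_https(sample)
        print(name, "-> ready" if ok else f"-> wait: {blockers}")
```

To evaluate a real site, call `probe()` for each host every 30 minutes and pass the collected `(minutes, host, ok)` tuples to `ready_to_force_https()`.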
Today, I enabled Secure Sockets Layer (SSL, also known as HTTPS) and Domain Name System Security Extensions (DNSSEC) on this website, my first time working with these technologies. This is a major milestone for me. Self-taught since 2008, my journey has led me to this day.
For those who know what these technologies are and already use them, try not to laugh. This was a real journey for me. For everyone else, I’ll do my best to explain.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as ‘SSL’, are cryptographic protocols designed to provide communications security over a computer network.
Basically, I added a green lock to my website (agarciatv.com). By doing so, I have joined the ranks of Facebook, your bank and every payment network that you’ve ever interacted with (assuming they were all legit). Granted, there are different levels to these certificates; you’ll notice that Twitter has a really fancy green box next to their lock that says, “Twitter, LLC [US]” while Facebook doesn’t. And I certainly don’t. But the green lock is good enough for me and obviously good enough for Facebook.
In addition to getting my very own green lock, I enabled DNSSEC. I had been curious about it ever since I had seen it in my registrar’s control panel. It’s my personality to want to fill every box and flip every switch. Some have told me that DNSSEC was unnecessary, but it sounds like a security measure I didn’t want to pass up. Wikipedia explains DNSSEC as:
The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
I thought Google explained DNSSEC more clearly:
Domain Name System Security Extensions (DNSSEC) protect your domain from attacks such as DNS cache poison attacks and DNS spoofing. Your DNS provider can provide you with the values you need to activate DNSSEC.
To further simplify, now you will not have to worry about visiting a fake version of my website or hackers snooping on you. At least that’s the idea. I’ve stepped up my game and I hope to continue as I learn more about security. If you have a website and would like to add SSL too, ask specific questions in the comment section below and I’ll be happy to answer them!