What do we mean by “secure your server?”
By “secure your server,” we mean obtaining a trusted SSL certificate and using it to encrypt data transfer from the server to the service clients.
SSL is a common method of creating secure, encrypted connections between servers on the Internet and client computers that use cryptographic keys.
This is an advanced tutorial.
Before you begin
For this tutorial, you need a few things:
A fully-qualified domain name to create a certificate
If you need more information about domain names, see the Host a website tutorial.
For this tutorial, you’ll see myserver.example.com as a placeholder fully-qualified domain name.
WARNING: If you enter the placeholder settings in this tutorial, it won’t work. The name “example.com” is reserved for use in documents like this, and won’t work in real software configurations. Use your own settings.
A Certificate Authority (CA) to sign your certificate
The CA vouches for the identity of the person or organization who uses its services. When a CA digitally signs a certificate, it’s lending its trust to the certificate. If software trusts the CA, it trusts the signed certificate. Your Mac computer and iOS device have the root trusted certificates for the most popular CAs pre-installed.
Currently, the following companies are trusted, commercial CAs: VeriSign, Thawte, Geotrust, Comodo, and GoDaddy.
Before you go much farther, you need to learn a few terms:
Keys are pieces of unique data, generated from large numbers. In a public key infrastructure, keys come in pairs, a public key and a private key that are related to each other.
Keys form the basis of digital identity and a chain of digital trust.
A certificate is an electronic document that contains a public key with identifying information about the creator of the key (name, organization, email address, and so on).
To scramble, or encrypt, the connections between your devices and your server, you need to obtain a certificate. The certificate provides the client with a statement of who is sending the service data, so the client can negotiate a secure, encrypted method of exchanging data.
You also need to know about certificate signing, and trust:
When a certificate is digitally signed, it’s vouched for by the signer. When the signer is a Certificate Authority (CA), it’s lending its trust to the certificate. If software trusts the CA, it trusts the signed certificate. Your Mac computer and iOS device have the root trusted certificates for the most popular CAs pre-installed.
You can have your server sign its own certificates (called self-signing), but when offered self-signed certificates, client software may not have a basis to trust the certificate, and will alert the user that the certificate cannot be verified.
When a user accepts a certificate as trusted, the client software that uses it can make a secure, encrypted connection to the remote server that’s providing the signed public key.