Tag: SSL

The joys of SSL certs

There’s a saying, “Don’t assume: it makes an ass of U and me”, and I er fell foul of this a month ago. A couple of months ago I set up a cheap VPS. It was one of those that you pay for every month. What I didn’t realise was that you are explicitly meant to renew the hosting every month, and they send you an email with a link. Of course, what did I do? I er forgot to renew it. Annoyingly, I’d installed Virtualmin, redirected a domain and bought a cheap SSL certificate. All lost.

Now I actually did something right and there’s a lesson here. When you set up an SSL certificate, you create a CSR (Certificate Signing Request) and a private key. You upload the CSR, pay your money (£20 for four years) and get a certificate back. The hosting companies I’ve used provide a CSR creation facility and somewhere to paste the private key and certificate when you get it. Then you click a button and your website now has working SSL. It couldn’t be easier.

So luckily for me I had made a backup copy of my private key and was able to download the certificate. I’ve set up a completely new VPS, redirected the domain and very nervously pasted in the cert and private key. It worked. I had been bothered that the CSR was generated on a different server, but it doesn’t seem to matter. So long as you have the private key, the certificate works on a different server.
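The reason this works is that the certificate is bound to the public key in the CSR, not to the machine that generated it. The script below is an added example, not part of the original post: it compares the public key inside a private key, a certificate and a CSR so you can confirm a backup belongs together before installing it. The file names, the `demo.invalid` subject and the self-signed certificate standing in for a CA-issued one are constructed for the demo.

```shell
#!/bin/sh
# Added example: confirm a backed-up private key belongs to a certificate
# before pasting both into a new server's control panel.

# pub_fp KIND FILE: print the SHA-256 of the public key held in a private key,
# certificate or CSR. Exits non-zero with no output if the file cannot be
# parsed, so two unreadable files can never be reported as a match.
pub_fp() (
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    exit 2 ;;
  esac
  [ -n "$pub" ] || exit 1
  printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
)

# same_keypair KEY CERT: succeed only if both files carry the same public key.
same_keypair() {
  k=$(pub_fp key "$1") || return 1
  c=$(pub_fp cert "$2") || return 1
  [ "$k" = "$c" ]
}

# make_demo DIR: write constructed sample files into DIR. A self-signed
# certificate stands in for the one a CA would issue from site.csr;
# other.key is an unrelated key that must not match.
make_demo() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" -days 30 \
    -out "$1/site.crt" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" 2>/dev/null
}

# Demo run on the constructed files.
d=$(mktemp -d) && make_demo "$d" && {
  same_keypair "$d/site.key" "$d/site.crt" && echo "site.key / site.crt: match"
  same_keypair "$d/other.key" "$d/site.crt" || echo "other.key / site.crt: MISMATCH"
  rm -rf "$d"
}
```

Keep the private key backup somewhere access-controlled: anyone holding it together with the certificate can serve the domain's HTTPS identity from their own server.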

Adding an SSL Cert

These days, if you have a website or even a game server then you probably should have an SSL (or TLS to be more precise) certificate. Have you heard of telnet? It’s an old protocol that allows you to connect to a remote computer and issue commands. Do you know why you don’t hear of it any more? Because it was designed for an era where hackers didn’t spend all their time attempting to compromise computers. Telnet, like FTP, has a flaw. Passwords and login details are sent in the clear. Not hashed, or encrypted.

Why don’t I use SSH to connect to it? I do. SSH has more functionality than SSL and is very good for encrypting remote connections. SSL needs a certificate, whereas SSH doesn’t, but many think you should use an SSH certificate as a substitute for username/password and I intend to. If you’re not sure of the technical differences between SSL and SSH, this article isn’t a bad place.

So today I paid for an SSL certificate. I’d pointed a domain I had handy to the VPS a few days ago to give DNS a chance to settle (24 hours max but usually much less), paid £20 for five years of SSL cert and installed it today. Thankfully, Virtualmin, which I use for configuring the server, makes it straightforward to request an SSL cert by generating the CSR (Certificate Request and Private Key). This blog uses an SSL cert from the same place (CheapSSL). Despite the low price, the certificates are very good.

Although the world won’t see what the cert is protecting, you almost have to have them nowadays. This is for the connection between smartphone and server. As I found today, Apple is ramping up security and Google is doing the same. I have iOS 14 on my iPhone (upgraded yesterday) and it refused to connect to WiFi in my local coffee shop. Their certificate doesn’t expire for another month but I suspect it is now over 398 days old. As far as Apple is concerned, that certificate is past its use-by date. This is Apple’s new policy since earlier this year. My wife’s iPhone, still on iOS 13, connected quite happily.

For those who have bought a multi-year certificate as I have today, it just means you have to generate another CSR and install a newer certificate once every 400 days or so. I’ve started taking screenshots of the details so I get them correct! I believe Google is moving to this 398-day maximum as well.

So the commands from smartphone to game server are now sent over HTTPS and encrypted in flight, as are the results. It’s one less thing to worry about.