SSL All The Things

Lately there has been a lot of buzz around security when using web services. Everyone seems to be very paranoid all of a sudden and encryption is the answer to everything internet based. I wouldn't say I'm too overly paranoid, but I took this opportunity to add some extra security to my personal website. This post will cover the things I learned along the way through my research and also explain how quick and easy it can be to add SSL Encryption to your website.

Removing Password from SSL Key

I recently just setup a new SSL Certificate on marcqualie.com and ran into a little glitch that wasn't explained in the setup process, but luckily I already knew how to fix as I've installed these many times before. When you generate the .key file you must put a password on it, which is a good idea, but impractical for use on an Apache server. All goes well until your restart, during which is asks for the password before the server can start. This is a huge problem, especially if your server crashes, or restarts and there's no one around to type in the password, your entire site will be down because the Apache process will be locked up waiting for this password. Luckily there is a simple workaround. Make sure you backup your original key first, just in case!