Recently, we updated our website and wanted to make sure we secured our visitors and their data. Upon digging around a cool service we use called Cloudflare to make sure our SSL certificate was properly configured, we discovered a little gem that is pretty awesome. Free SSL! Cloudflare, in a nutshell, is a simple way to supercharge your website. They play the middle man to connecting your users to your website. Offering ways to speed up the delivery of your content via caching, optimizations, cdns and more. You can also think of them as like a bouncer to a club, if spammers try to get into your site, they won't even make it passed the front door.
One of the many features that they offer is SSL, but one question many have is why do I need it? There are are a few reasons, first, Google recently changed their search algorithm to rank sites that have SSL higher. Second, it increases security and trust with your visitors that they'll feel good that their data is safe. And finally, compliance, if you run a store or collect money via your site, you must have an SSL certificate. Otherwise, someone could easily intercept your credit card you just entered to buy that new BB8 Stars Wars toy and nobody wants that.
Cloudflare has 3 options for SSL and their site goes in more detail than we'll spend so feel free to check it out.
We wanted to see just how easy it was to get the Full SSL option up and running starting from having an existing site hosted on IIS, and no Cloudflare account. Signing up for an account on Cloudflare is free and they even help to get all of your DNS records moved over to them. Once you sign up and get all of your DNS records configured for your domain, you jump right in and enable SSL. Head over to the Crypto menu item (looks like a lock) and switch your SSL to be FULL.
That's it for the configuration on Cloudflare, hope on over to your server and make sure you've got a https binding in IIS for your website.
You'll need a self-signed certificate in order to create the https binding. If you don't know how to do this for IIS, we'll save you some Googling time and direct you over to ScottGu's blog at Mircosoft. Once that binding is created, you webserver and cloudflare should now be configured to to use SSL. Easy as pumpkin cheesecake.
Getting a free SSL certificate working from cloudflare was surprising simple. If you don't use IIS as your web server, the process should be pretty straight forward with other webservers.
- Cloudflare Account
- Self-signed Certificate on Webserver
- Https binding/endpoint for website using self-signed certificate.