HTTPS For the rest of us

security, web

HTTPS was once thought of as a special-use tool where security was of upmost importance, like online banking or sign in pages for web sites. Today, HTTPS has become necessary for all sites, from online banking to personal blogs. A push for HTTPS everywhere has come from browser vendors such as Firefox, Chrome, and Edge. HTTPS has become more than slapping a certificate on a web server and making sure the site loads over HTTPS. Modern and practical HTTPS deployments need to guard against a modern attacker.

Here we will cover a few subjects, including,

HTTPS Certificates

We'll demonstrate using Let's Encrypt to install and manage HTTPS certificates. It's easy, and it's free. The real kind of free, not free with strings. We'll cover what Let's Encrypt's software, CertBot, is doing, as well as setting it up.

Strict Transport Security

HTTPS is only effective if you actually use it. Here we'll talk about a browser feature that helps browsers use HTTPS all the time, and how it protects visitors.

We'll talk about HTTPS links, and why you really should use HTTPS in webpage links when possible, even if the site automatically redirects to HTTPS.