Differences

This shows you the differences between two versions of the page.

--- en:https_ssl [2016/12/28 18:44] – [Https and certificate ssl] Domperss
+++ en:https_ssl [2021/12/03 18:19] (current) – external edit 127.0.0.1
@@ Line 7: / Line 7: @@
 ===== Why https? =====
-When you visit a website, a flow of data flows between your computer and that of the server where the site is hosted. For some sites, it does not matter that this feed is readable by everyone, but from the moment you enter a password, **you should** go through the "https" protocol wich ensures that the exchanges between you and the server are encrypted. This so the transferred information is hard to spy upon!!.
+When you visit a website, a flow of data flows between your computer and that of the server where the site is hosted. For some sites, it does not matter that this feed is readable by everyone, but from the moment you enter a password, **you should** go through the "https" protocol wich ensures that the exchanges between you and the server are encrypted. This so your transferred information is hard to spy upon!!.
   * [[http://www.bitdefender.fr/blog/Pourquoi-le-protocole-HTTPS-est-%28toujours%29-bon-pour-vous-437.html|Development on why https is better for the one who browses the web.]]
-   * [[http://sebsauvage.net/comprendre/ssl/index.html A more complete article by Sebsauvage on the issue.]]
+   * [[http://sebsauvage.net/comprendre/ssl/index.html|A more complete article by Sebsauvage on the issue.]]
    * To summarize, https is like a condom: it does not protect everything, but it's the minimum to avoid trouble.
@@ Line 70: / Line 70: @@
 For "Let's encrypt" to generate a certificate for all the domains hosted on the server, it is better to make a file by //vhost// in Apache. OBS: Make only unsecured versions(port 80), because "let's encrypt" automatically generates the secure versions(port 443, the "https").
-Let's encrypt seems to locate the subdomains correctly in the same file(name1.mydomain.com, name2.mydomain.com, etc.) ((Avoid it nevertheless, one file per subdomain i a better choice.)), but not the different domain names(mondomaine.com and mondomaine2.com for example), which must __imperatively__ be different configuration files.
+Let's encrypt seems to locate the subdomains correctly in the same file(name1.mydomain.com, name2.mydomain.com, etc.) ((Avoid it nevertheless, one file per subdomain is a better choice.)), but not the different domain names(mondomaine.com and mondomaine2.com for example), which must __imperatively__ be different configuration files.
 ==== Know the expiration date of the let's encrypt certificate ====
@@ Line 102: / Line 102: @@
 </code>
-Copy the information(above) to a file with the name: ''check_cert.sh'' and then run the following command
+Copy the information(above) to a file with the name: ''check_cert.sh'' and then run the following command:
 <code>
 ./check_cert.sh /etc/letsencrypt/live/monsite.net/cert.pem
@@ Line 129: / Line 129: @@
 ===== Improve and test site security via https =====
-To verify the https quality of the access site:
+To verify the https quality when accessing sites, try these links:
    * Https://www.ssllabs.com/ssltest/analyze.html: Allows you to see the biggest errors
    * Https://observatory.mozilla.org/: Mozilla is more demanding and allows to have a site well secured
@@ Line 152: / Line 152: @@
 <WRAP center round tip 60%>
-Former configuration, generates an A- to 11/02/2016. The news at the top comes from [[https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm]].
+Former configuration, generates an A- date: 11/02/2016. The news at the top comes from [[https://www.digicert.com/ssl-support/ssl-enabling-perfect-forward-secrecy.htm]].
   SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'
 </WRAP>