💾 Archived View for d.moonfire.us › blog › 2014 › 06 › 07 › enabling-ssl captured on 2022-07-16 at 16:11:55. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-06-03)
-=-=-=-=-=-=-
A few days ago, I saw an interesting post over on the Piwik's blog[1]. It was for Reset the Net[2], a general effort to try and get back some of the privacy of the Internet. In specific, a call for website operators to use SSL and encryption technologies.
1: http://piwik.org/blog/2014/06/resetthenet/
2: https://www.resetthenet.org/
Now, I'm a proponent of privacy. I want everyone to use PGP or GnuPG to encrypt their emails, but only one person has done that in ten years. Everyone else goes “who cares?” and just moves on (or stops talking to me). And using PGP is rather difficult with webmail, which means I have to jump through a lot of hoops to even send out PGP email (and there are no good open source webmail clients that support PGP).
The Reset the Net idea is a pretty good one, but it also fits in line with my philosophy. I don't have anything to hide, but I will fight for the rights of others to do so because someday, it may be important for all of us. Since I can't get people to send me encrypted emails, I didn't think I couldn't do much more besides talk about it.
However, when I saw Reset, I remembered that DreamHost[3] mentioned something about SNI[4] and SSL. SNI doesn't work with old browsers, but given the support, I think I'm okay with that. It is “good enough” with most evergreen browsers out there. The biggest problem came down to getting an SSL certificate. At work, each one is hundreds of dollars and a major process. But then I remember that there is (relatively) small company that was providing free personal SSL certificates. It took me only a little bit of looking (on DreamHost's) site to find it: StartSSL[5].
3: http://www.dreamhost.com/r.cgi?80519
4: http://en.wikipedia.org/wiki/Server_Name_Indication
It didn't take long for me to figure out something I could do. So, this morning, I created myself a brand new SSL certificate and installed it on my blog. And then helpfully created an `.htaccess` to move viewers over to the SSL version.
There is absolutely nothing on this website that is Not Safe For Work nor is there anything that is morally questionable with my content. I just think that SSL should be used for most traffic (much like Facebook, Google, and other places have enabled it) just like I would prefer to see all emails encrypted.
It isn't much, but it is a step in what I think is the right direction.
I'll move the rest of my domains over to SSL so when June 5th comes around again next year, I can safely say that I have done my bit to help.
Categories:
Tags:
Below are various useful links within this site and to related sites (not all have been converted over to Gemini).