Cloudera recently introduced a new way of self learning for Employees, especially in the Support organization, that allows each engineer to spend 1 week off our duty to do full self-learning offline, every 4-6 months. There are lots of topics to choose from, including some public available courses to anything that we are interested in and also useful for our day to day work. This week is my turn and I have chosen SSL/TLS to enhance my experience with CDH, because I have faced lots of issues from customers who face TLS related issues across wide range of CDH components, including Hive, Impala and Oozie etc, so I need to skill up my knowledge in this area.
This is my second day into the week and I have finished two courses about TLS on Lynda.com:
Learning Secure Sockets Layer
SSL Certificate for Web Developers
As part of the learning, I have enhanced my knowledge on SSL/TLS and understand the process of how to enable SSL/TLS for a website, from generating private key up until getting certificate signed and eventually enabled on Apache/Ngnix web server. And I think it is great time to enable SSL/TLS for my own blog as well, because the traffic to my blog has increased in the last couple of years and I do receive comments from my various blog posts every now and then. So securing my blog is a logical next step.
As part of the course in SSL Certificate for Web Developers that provided by Kevin Skoglund, Kevin has suggested that since 2016, Let’s Encrypt has started offering free, automated signed certificates to general public. So why not use it to get my blog secured? Even though the certificate needs to be renewed every 90 days, Certbot, the tool provided by Let’s Encrypt, not only installs certificate for you with ease, but also can setup a cron job to renew the certificate automatically. All you need to do is to install Certbot from here, select the web server and OS that match your site and follow instructions, and your site can be secured by SSL/TLS in a few minutes.
Don’t forget that you also need to open port 443 from your cloud service, if you are using AWS or Google Cloud, as by default port 443 is disabled. Instructions are different depending on where your host is, so please Google around as this topic goes beyond the scope of my post here.
I highly suggest you to do this, because the trend in all modern browsers is that they will all issue warnings to visitors if the site they are visiting is not secured and your site will just look unprofessional, insecure and visitors will think twice before entering any details on your site, including submitting a simple comment. The number of sites getting secured is increasing and it will become the standard, below are some stats from Let’s Encrypt since launched in 2016:
So, with this free service, it is time to secure your site without hesitation.
