Recently I have walked the talk and have moved my personal site to HTTPS.
Although I have already moved, redirected and configured many many web front end to use SSL, I haven’t got around to implement this to my own websites. In comparison, my site is not a transactional site or doing any registration – I only use this as my portfolio site as well as a live test environment where I can experiment, learn, validate and do pretty much everything without any impact to anyone but me.
There are a lot of articles here, here, here, here, here and there regarding the pros and cons of having a site over HTTPS. Basically from what I am reading now is it has an additional cost and additional load but it has to be done.
And thanks to modern tech, the move is fairly easy:
- Choose your CA. – Validation and Order
- Create CSR – Using a tool or MMC / Inetmgr
- Install PFX to your website. – Azure Website Basic Tier and Above.
- Auto redirection – using IIS URL Rewrite Rules (Azure) with a demo of TFS Online 🙂
So here’s my contribution to the secure modern web! Happy SSL!
So this exercise got me thinking, we are really in the age of the cloud service already. From requesting certificates to installation, scaling my application and even a source code rebuild-test-deploy scenario and I haven’t touched not a single MMC or any server directly. The old concepts are there from web deploy about file being used or using a IIS manager to request for a CSR and fulfilling the certificate request but in a modern way. Difference is I used to do MSTSC but now, I am talking to the web browser. This could have taken days to do or even weeks not to mention there would be misconfiguration from my end but now, I am up and running “as I wish”. Hmm. 🙂