HTTPS - rishavry/WorksPresentation GitHub Wiki

  • HTTPS, or Hypertext Transfer Protocol Secure, is used to exchange data in an encrypted fashion in order to minimize the risks posed by any eavesdroppers.HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses.

  • In my Megagram project, I would use HTTPS for the project-megagram.com domain.

  • Below are the steps I would take to enable HTTPS for my server.


  1. Enter the terminal-command below to generate the private-key (as yourdomain.key) and csr(as yourdomain.csr) files. The yourdomain.csr file will have the public-key embedded in it.
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

You'll be prompted to enter details:

  • Country, State, City

  • Organization Name

  • Common Name (your domain name)

  • Email address


  1. Submit the yourdomain.csr file to a commercial ssl-certificate provider like DigiCert, Sectigo, etc.

You'll receive the following:

  • yourdomain.crt (certificate)

  • Possibly a CA bundle file (e.g., ca_bundle.crt)


  1. Configure the nginx/apache accordingly. For instance, if you're using nginx:
server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/ssl/certs/yourdomain.crt;
    ssl_certificate_key /etc/ssl/private/yourdomain.key;
    ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;
}

Or if using apache:

<VirtualHost *:443>
    ServerName yourdomain.com

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
    SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
</VirtualHost>

  1. When the ssl-certificate expires, repeat the process, ideally with a new private-key and csr file.
⚠️ **GitHub.com Fallback** ⚠️