To enable HTTPS for your website you’ll need to get and configure the required SSL/TLS certificates on your server.
Start with choosing a trusted certificate provider. There are many authorities who give certificate free for 90 days.
"Let’s Encrypt" is most popular open Certificate Authority.
"SSL for free" issues certificates using "Let’s Encrypt"
1. Go to
SSL FOR FREE
2. Enter your website to secure ( IP address do not work, you have to enter a registered domain name )
3. Select Manual Verification ( DNS ) option
4. Manually verify Domain
5. Go into the DNS management page that your domain and add TXT records with given key and value.
6. Now download SSL certificate.
The downloaded archive will have a certificate, bundle, and key. Extract the zip file and copy certificate and key to your ubuntu server.
Now you have to install this certificate in client and server.
Client Installation.
For the angular client, you need to add the following options to
ng serve command in the package.json
--port 443 --disableHostCheck true --ssl --ssl-cert /home/ubuntu/certificate.crt --ssl-key /home/ubuntu/private.key
Note that port is 443. You have to open the port 443 in your security Group/ Firewall.
"scripts": {
"ng": "ng",
"start": "ng serve --host 0.0.0.0",
"build": "ng build --prod",
"test": "ng test",
"lint": "ng lint",
"e2e": "ng e2e"
}
Restart client.
Server Installation.
This tutorial assumes that your server is Java Spring Boot.
You need to generate a key store for the server.
openssl pkcs12 -export -in certificate.crt -inkey private.key -out keystore.p12 -name server
This above step will ask for a password. Please enter the password and remember it.
Go to application.properties file and add following key value pairs.
server.port: 8443
server.ssl.key-store: keystore.p12
server.ssl.key-store-password:
server.ssl.keyStoreType: PKCS12
server.ssl.keyAlias: server
Now clean buid and restart the server.
For python Flask Server.
from flask import Flask
app = Flask(__name__)
@app.route("/")
def hello():
return "Hello World!"
if __name__ == "__main__":
app.run(host='0.0.0.0',ssl_context=('/home/ubuntu/certificate.crt', '/home/ubuntu/private.key'))
port is 5000 by default.
Now you can access your website using https://your-domain.com
Also, import the certificate to java trust store.
Import to trust store :
keytool -import -alias server -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -file /home/ubuntu/certificate.crt
To know your java home on ubuntu
readlink -f /usr/bin/java | sed "s:bin/java::"
$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts