Tuesday, 6 March 2018

HTTP is dead, long live HTTPS

"FTP is deprecated, HTTP is deprecated, at least it should be now that we have secure replacements"

Really not sure where I read that quote. One of the traps of being in the industry so long. It might have been on a security mailing list back in the early naughties. I remember vehemently nodding in agreement... I've been sad for years that my own site was still not running SSL/TLS. I've endeavored a number of times to get it up to HTTPS. But see I am cheap, and I use Bloggers free service for my domain (blogger for your domain), so HTTPS wasn't available.
Well it is now, and I thought I'd do a quick how to, for those that also have blogger.

It is really simple, like blogger has been for all those years. But it looks to be a beta feature (how long did google stay in beta for...). So you need to visit https://draft.blogger.com. If you are already logged in to blogger, you'll be logged in here too.

Now simply click on settings and scroll down to the HTTPS section. Change the first drop-down to: "Yes".
Now wait about 20minutes as google generate you a https://letsencrypt.org certificate and apply it your site. Come back to this section and change the HTTPS redirect to "Yes" as well. And if like me you have multiple blogs, go through each and change them all to the same.

Obviously not a super technical post this time, but good to see even free (as in beer) services get security features of sorts.
Of course, if you have any other kind of hosting, get a letsencrypt cert and use it, the future is encrypted.

No comments:

Feel like donating to me, Bitcoin; 1BASSxgFZ2j8VfXFrWJHNvYdQXDtJKAUuN or Ethererum; 0x2887D4B4fe1a7162D260CeA7E1131AF8926bd87F