Before we discuss in more depth Website Security : How to make a secure website, there are several components of a website that you need to know, some things that need to be considered so that your website can be categorized as a good website, namely:
Web Design (UI & UX)
User interface and User Experience or often referred to as UI & UX are part of “Web Design” where the website to be designed must make it easier for visitors to the website to be able to answer the problems they are looking for.
Performance
The performance of a website also greatly affects the level of goodness of a website, and the fact is that Google (search engine) prefers websites that have high performance than those that are not.
Website Security
All website owners always want their website to have website security features so that their website is safe from attacks or data theft by hackers, one way to increase the website security of a website is by installing SSL on your website
SEO (Search Engine Optimization)
So that the website that you create can be recognized by search engines (Google), you need to improve SEO (Search Engine Optimization), there are several ways to improve SEO, namely:
- Keyword Selection
- Content
- Backlink
- Others
Maintenance
Maintenance of a website needs to be done to ensure that the website that is running has up to date technology. Maintenance of a website also includes performance and security improvements.
Introduction
What is SSL?
SSL stands for Secure Sockets Layer which refers to a type of digital security that allows encrypted communication between a website and a web server.
Meanwhile, the meaning of HTTPS refers to the HTTP extension. Websites that install and activate an SSL certificate can use the HTTPS protocol to make a more secure connection with the server.
- SSL certificate serves to secure information that is privacy in nature, such as personal data, payments or transfers and login information.
- SSL is an alternative to plain text data transfers where the connection to the server is not encrypted. With this certificate, hackers will find it very difficult to penetrate the connection and steal your data.
- That said, some users are familiar with the SSL certificate used by webmasters to secure websites and also provide more protection for clients or visitors regarding transactions.
Why Use SSL?
As explained earlier, SSL users are very useful for both end users and website owners and using SSL is important so that owners seem to care about the “Website security” side. Users have started to care about the importance of internet security in recent years. That means SSL provides an excellent advantage for any modern website.
With SSL, your website will look more professional
Try to remember. Can you name any popular websites that don’t display a small padlock icon in their web address? yes, it can be said that almost all websites currently use SSL on their website.
Business people know what the concerns of website users are when it comes to digital privacy. Therefore, they want customers to know if the site is protected. SSL is the best way to say that your platform is secure. Apart from that, SSL also gives a professional look to any site that uses it.
SSL certificates are very important for e-commerce websites whose business types require important and sensitive information, such as credit card details. The PCI (Payment Card Industry) Standard requires that online payments over SSL have, at least, 128-bit encryption. This encryption as much as possible secures online transactions – excellent advertising for your business brand.
Encrypt Information
The main reason why the use of an SSL certificate is recommended is the layered security it offers. SSL guarantees that every data packet exchanged between the browser user and the SSL-enabled website is protected by the latest encryption techniques. This prevents data theft from being carried out by the desired party. Useful information will not be read because of this encryption technique.
Google likes sites that use SSL
Some companies spend a lot of money on search engine optimization (SEO) without realizing that simply by activating an SSL certificate, they can increase a site’s ranking in Google Search. Websites that use SSL have a higher ranking on Google Sarch than websites that don’t have SSL.
What do you think after reading the meaning and function of SSL on a website? You must feel that SSL has a very important role in a website, where there are many benefits that can be obtained by using SSL on a website.
SSL Type
There are basically 3 types of SSL certificates, namely:
Domain Validation SSL
This SSL only requires domain validation via email so that your SSL certificate can be used, it only takes a few minutes for SSL to be activated.
Business Validation SSL
For organizations or companies that want to activate SSL, several documents are required to meet the requirements needed to create an SSL certificate.
Extended Validation SSL
This SSL is usually used for business, banking and E-Commerce websites, because these websites require a more website security level. Extended Validation SSL does require business documents and costs the highest among other types of SSL certificates.
But there is nothing wrong with paying more for the best service. By choosing this type of SSL, you will get a “Green Bar” in the address bar of the web browser.
In the article “Website Security : How to make a secure website”, I will not use the 3 types as explained, I will use SSL which is made for free. If you are curious, continue reading the article “How to create a safe website”.
What do you think after reading the meaning and function of SSL on a website? You must feel that SSL has a very important role in the security of a website where there are many benefits that can be obtained by using SSL on a website, the next step is the article “Website Security : How to make a secure website” is the process of preparing the SSL installation.
Preparing to Install SSL on Apache
Like the title of this article, which is “Install SSL on Apache“, you need to set up a web server with Apache. For Apache, what I use is Apache, which is installed manually, not using a web server that has been packaged like Xampp or Wampserver.
For the manual installation of the Apache web server, you can see the article “Installing Apache and PHP”.
For the article “Install SSL on Apache” I will use the OS (Operating System) Windows Server 2012 R2 64 Bit. For the steps that you will do in this article, namely:
- Creating a Website and Domain
- Creating an SSL Certificate with Open SSL
- Installing SSL on Apache
If you are ready, then you can enter the next stage.
Make a Secure Website Step 1 - Creating a Website and Domain
Making a website and domain, I will make it simple by displaying the word “Hello World” on the website that we will use to install an SSL certificate, as shown below.
Create index.php
First you need to open the htdocs folder in apache, the directory in this article is C:\Apache24\htdocs. Customize with your apache directory
Create new folder, give the folder name freely
Open the folder that you created, in that folder create a new file named index.php
Next, you open the index.php file using a text editor, in this tutorial I use Notepad ++
Then add a simple script, as shown below
Save the file, then you can close the text editor
httpd.conf Setting
The next step you need to set up on Apache by accessing the httpd.conf file, in this tutorial the directory is C:\Apache24\conf
Open the httpd.conf file with a text editor
Next, you look for the script “include conf/extra/httpd-vhost.conf”, then remove the # sign at the front of the script to activate the virtual host
When finished, you can save the httpd.conf file and then close the text editor.
httpd-vhost.conf setting
In this step, you will need to set up httpd-vhost.conf which has been activated in the httpd.conf setting, for the directory is C:\Apache24\conf\extra
Open the httpd-vhost.conf file in a text editor
Next, you need to copy 1 script to httpd-vhost.conf as shown below
Then paste it at the bottom and delete the # sign in front of this script
Next, you need to change this script, as shown below
On ServerAdmin you can fill it in freely, DocumentRoot must be adjusted to the folder you created in htdocs, ServerName you can change freely, you can change ErrorLog and CustomLog or just leave the default
When you are done, you can save the httpd-vhost.conf file and then close the text editor
Host Setting
At this stage you need to register the domain on the computer or laptop you are using, you need to find a file with the host name in the directory C:\Windows\System32\drivers\etc
Open the hosts file using a text editor
Copy the script as shown below
Then paste the script at the bottom, then remove the # sign at the front of this script
Next, you need to change localhost to a domain like the one in Server Name in the httpd-vhost.conf file
If so, you can save this file, then close the text editor
Testing
Before you can access the local domain that you created in the previous step, you need to restart Apache first which you can see in the article “Installing Apache and PHP”.
Then you can open the browser, in this tutorial I use “Google Chrome” as the browser
In the browser url column, type the domain that you created in the hosts file, for the domain created in this tutorial is “opusitid.site”, then press enter
If you have seen the website appearance as shown below, it means that you have successfully created a domain on the local server
Make a Secure Website Step 2 - Creating an SSL certificate with Open SSL
To install SSL you need to create a certificate and key for the domain you created, at this stage I will give you the steps to create self-SSL using open SSL, to produce 2 files, namely the Certificate and Key.
Download and Install Open SSL
You need to download the Open SSL application
For the version I choose is 1.1v for Windows 64 bit, make sure it matches the OS you are using, select the exe button to download the Open SSL application
If you have already, you can install the Open SSL application by opening the installer that you downloaded
For the installation stage you can do it yourself or search on another website or articles.
Creating Certificates and Keys
If you use the default settings during the installation process, you can see the folder named OpenSSL-Win64 in the program files folder, for the directory is C:\Program Files
Then you can access the bin folder in the OpenSSL-Win64 folder, in the C:\Program Files\OpenSSL-Win64\bin directory
Next you need to open “openssl.exe” as an administrator, by right clicking the mouse on the openssl.exe file and selecting Run as administrator
Then you will see a page like the image below
Type this script “req –x509 –nodes –days 365 –newkey rsa: 2048 –keyout server.key –out server.crt”
Then press enter, then you will see a screen like the image below
Then you only need to fill in each of the questions provided, after you fill in the first question, then you just need to press enter to go to the next question
The last question is the Email Address, you need to pay attention to the Common Name, make sure it matches the domain that you created in the previous step, for the Common Name of this article is opusitid.site, then press enter
You can close OpenSSL then open the bin folder in the OpenSSL-Win64 folder in the C:\Program Files\OpenSSL-Win64\bin directory, then you will see 2 new files with the name server.crt and server.key
Then you can move the 2 files into the folder, in this article I will move the file into the Apache folder, with the name of the cert folder
At this stage you have successfully created a certificate and key using Open SSL, before you can install SSL, you need to install the certificate first
Install SSL Certificate
Install SSL Certificate at this point, you need to install the certificate by opening server.crt
Select “Install Certificate”
Select “Local Machine” then press next
Choose “Place all certificates in the following store”, then select “browse”
Then you select a folder with the name “Trusted Root Certification Authorities”, then press the ok button
Select Next
Select finish, then you have successfully installed the SSL certificate on the computer or laptop you are using, then we will enter the final stage, which is installing SSL on the domain or website that you have created
Make a Secure Website Step 3 - Installing SSL on Website
The difference between a website that has SSL or not is if the website has SSL installed, you can access the web by adding “https://” before the website domain, for example, the opusitid.site domain becomes https://opusitid.site
Setting httpd.conf
You need to enable SSL on apache by opening the httpd.conf file in the apache folder like the previous step
Open the httpd.conf file with a text editor, then activate the SSL module by removing the # sign in the script “LoadModule ssl_module modules/mod_ssl.so”
Then activate the httpd-ssl.conf file, by removing the # sign in the script “include conf/extra/httpd-ssl.conf”
When you have finished changing the script like the steps above, you can save the httpd.conf file, then close the text editor
Setting httpd-ssl.conf
Next, you need to change the httpd-ssl.conf file which has been activated in httpd.conf in the extra folder in the C:\Apache24\ conf\extra directory
Open the httpd-ssl.conf file in a text editor
Next, you need to find the script “SSLCertificateFile”, this script functions to read the SSL certificate
What you need to change is on line 144, change the directory to match the directory where you saved the certificate and key that was created with Open SSL. If I save the certificate in the apache folder the directory is C: \ Apache24 \ cert \ server.crt
Next, you need to search for the “SSLCertificateKeyFile” script, this script to read the SSL key file
Change the directory according to the directory in the previous step, simply change the file extension to key, C: \ Apache24 \ cert \ server.key
When finished, then you can save httpd-ssl.conf then close the text editor
Setting httpd-vhost.conf
Next you need to reopen httpd-vhost.conf, this file is located in the same folder as httpd-ssl.conf
Open the httpd-vhost.conf file with a text editor, then look for the virtual host that was created during the website or domain creation stage
Copy and paste the virtual host at the bottom of the text editor
Change the number 80 to 443, this number is the port that will be used by the web server
Next, you need to add a new script at the bottom after CustomLog, the script is like the image below
Then the complete script for Virtual Host with port 443 is as shown below
When finished, you can save the httpd-vhost.conf file and close the text editor
Testing
As before, if you have finished changing the settings file in Apache, you need to restart Apache first so you can run the changed settings or new settings.
Then you can open the website that you have created with a browser
Next, on the front of the domain, add https://, the domain created in this tutorial is opusitid.site to https://opusitid.site, then press enter
If you see a screen like the image below, the cause is that the certificate we created is not authentic, which causes the certificate to become “unsafe”, you need to press the “advanced” button.
Then select “Proceed to your domain (unsafe)”
Then you will see the words “Not Secure” to the right of the browser url
To see the certificate installed, you can press Not Secure, then press Certificate
You will see a certificate that has been created with Open SSL
If your results are the same as the image above, then you have successfully installed SSL on the domain or website on the Apache web server, this is the last stage of how to make a secure website article.
Conclusion
Website Security : How to Make a Secure Website
After we have gone through many steps in article Website Security : how to make a secure website, from creating a domain or website on a local basis on the Apache web server, to installing SSL.
In general, if you already have a domain or website as well as certificates and keys that were generated through official institutions like GoDaddy, you only need to start from step 3 in article how to make a secure website.
Installing an SSL certificate on the Apache web server is not complicated and difficult because almost all of the supporting scripts for SSL installation have been provided by this web server. If you feel helped by this article (how to make a secure website), don’t forget to share the article on how to create a secure website with your friends who need important SSL information and a tutorial on installing SSL on Apache.
Other Marketing Advertisement
You can also use our services, we provide website creation services, where we really pay attention to aspects such as UI & UX, Performance, Security and SEO. We use WordPress technology in updating the website, we are also very concerned about how to create a secure website, not only relying on SSL. You can see our portfolio on the opusisv.com website.
We also have some of the services you may need
Starting an internal IT Contact Centre or Helpdesk today is even a more challenging task today then yesterday due to the rise in customer expectation, pervasiveness of technology and rapid commoditization of Contact Centre or Helpdesk IT services. The justification on business ROI to start a Contact Centre or Helpdesk operation is as daunting as heavy initial investment is needed and accurate forecast of business growth is required, which is difficult to predict in the current volatile business environment.
IT Helpdesk is important to business internally and externally. We provide one-stop IT Helpdesk services to help clients troubleshoot and prevent IT downtime, as well as assist our IT clients in dealing with their customers. With our expertise in IT service management
IT Helpdesk is important to business internally and externally. We provide one-stop IT Helpdesk services to help clients troubleshoot and prevent IT downtime, as well as assist our IT clients in dealing with their customers. With our expertise in IT service management
