rgwch edited this page Apr 26, 2015 · 23 revisions

Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), is a protocol to identify servers unambiguously and to encrypt all data traveling between server and client transparently. If desired, the client can also identify itself unambiguously to the server (which is usually not the case with publicly reachable internet resources).

TLS relies on public/private key pairs: the server presents its public key ("certificate"), and the client uses this key to encrypt communication to the server. Only the server can decrypt the data, since only the server holds the private key belonging to the certificate. To avoid man-in-the-middle attacks, the server's certificate is itself signed with the private key of a trustworthy organization. All browsers check such signatures and issue a warning if a server's certificate is not signed by such an organization. (Since many of these organizations are in fact controlled by the NSA, according to Edward Snowden, they are not really trustworthy, but that's another story.)

So, to implement TLS, you first need such a website certificate, signed by one of these organizations. Such a certificate will cost you a substantial yearly fee.

For testing purposes, or for a private server, you can use a self-signed certificate. This won't cost you anything, but visitors will get a warning from the browser claiming a bad or invalid certificate.

Here's how to create and use self-signed certificates for Webelexis.

1. Make sure you have a Java JDK (not only a JRE) installed. The JDK contains a program called "keytool", which we need.
2.
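As an added example (not the wiki's own steps and not Webelexis project code), the following POSIX shell function shows the keytool workflow behind a self-signed setup: generate the key pair and certificate in a server keystore, export only the public certificate, and import that certificate into a separate truststore so a test client trusts exactly this server instead of disabling verification. The alias `webelexis`, the password `changeit`, the host name, the organization and the file names are placeholders.

```shell
#!/bin/sh
# Added example, not from the Webelexis wiki. Requires the JDK's keytool.
# $1 = working directory, $2 = host name to put in the certificate (default: localhost)
make_self_signed() {
  dir="$1"; host="${2:-localhost}"
  pass="changeit"   # placeholder; pick a real secret outside of tests
  mkdir -p "$dir" || return 1

  # 1. Private key plus self-signed certificate in a PKCS12 keystore.
  #    Browsers match the host name against the SAN extension, so set it;
  #    the CN alone is not enough for modern clients.
  keytool -genkeypair -alias webelexis -keyalg RSA -keysize 2048 -validity 365 \
    -storetype PKCS12 -keystore "$dir/server.p12" \
    -storepass "$pass" -keypass "$pass" \
    -dname "CN=$host, O=Webelexis Test, C=CH" \
    -ext "SAN=dns:$host,ip:127.0.0.1" >/dev/null 2>&1 || return 1

  # 2. Export only the public certificate as PEM. The private key stays
  #    in server.p12 and is never copied to clients.
  keytool -exportcert -alias webelexis -keystore "$dir/server.p12" \
    -storepass "$pass" -rfc -file "$dir/server.crt" >/dev/null 2>&1 || return 1

  # 3. A test client avoids the "invalid certificate" warning by trusting
  #    this one certificate, not by switching certificate checks off.
  keytool -importcert -noprompt -alias webelexis -file "$dir/server.crt" \
    -storetype PKCS12 -keystore "$dir/client-truststore.p12" \
    -storepass "$pass" >/dev/null 2>&1 || return 1

  # Succeed only if the truststore now lists the alias as a trusted entry.
  keytool -list -keystore "$dir/client-truststore.p12" -storepass "$pass" 2>/dev/null \
    | grep -q "webelexis.*trustedCertEntry"
}
```

Point a Java client at `client-truststore.p12` via `-Djavax.net.ssl.trustStore` (and the matching password) and the self-signed server validates; any other self-signed certificate is still rejected.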