Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Overview of SSL: choose the option that's right for you


Published on

Keeping communication between your visitors and your website secure and confidential has never been more important. Data can be vulnerable to theft as it’s transferred to and from your website. One simple solution to this security threat is to encrypt your traffic with SSL (Secure Sockets Layer).

SSL encryption ensures the data transferred between your visitors and your site is safe from data theft, and having SSL enabled can also boost your Google search rankings.

CloudFlare has made it simple and easy to add SSL to your site: you don’t have to purchase a separate certificate or install anything. In this webinar CloudFlare’s solution engineer Peter Griffin explains the key features of SSL, and walks you through the simple process of getting SSL running on your site.

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Overview of SSL: choose the option that's right for you

  1. 1. CloudFlare and SSL keep your site and data safe with SSL Elenitsa Staykova Marketing, CloudFlare Peter Griffin Solutions Engineer, CloudFlare
  2. 2. Agenda ● Introduction ● CloudFlare overview ● SSL options with CloudFlare ○ Upload of custom certificate ○ GlobalSign provisioning options ● SSL configuration demo ● Conclusion / Q&A
  3. 3. CloudFlare Overview CloudFlare Security and Performance for web applications, from 28 global locations (and growing!)
  4. 4. CloudFlare Overview ● Global: 28 locations, and growing ● Anycast Routing: BGP routes to CloudFlare IP ranges are announced from each location, traffic is handled regionally ● Robust: Each node performs all tasks: DNS requests, security checks, performance transformations, and caching ● Reliable: Built-in redundancy, load balancing, and high availability. ● Intelligence: over 1 million sites using CloudFlare, unparalleled view into “Layer 7” / HTTP-based attacks ● Capacity: CloudFlare has mitigated the largest disclosed DDoS attacks to-date
  5. 5. How CloudFlare protection works ● Protected hostname resolves to CloudFlare IPs via DNS ● Back-end IP address hidden, locked-down to allow only CloudFlare IPs ● HTTP/S requests, UDP attack traffic goes first to CloudFlare ● CloudFlare only proxies valid, acceptable HTTP requests. Everything else is dropped
  6. 6. SSL on the web
  7. 7. What is SSL / HTTPS? (briefly) 1. HTTP over encrypted SSL/TLS session 2. Uses public key cryptography 3. Verifies identity (of websites) 4. Encrypts communications
  8. 8. Google looking at HTTPS for ranking “...over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.” signal.html
  9. 9. CloudFlare provides high quality HTTPS
  10. 10. CloudFlare’s SSL Options
  11. 11. SSL Provisioning Options Upload your own key pair ● CloudFlare can present your existing SSL cert to your users ● Keys are never stored on-disc, only decrypted on demand ● Uploaded via web interface Have CloudFlare provide a GlobalSign SSL cert ● Valid for *, and the root ( ● *.* (subdomain of subdomain) NOT supported ● Ownership of your domain must be verified by GlobalSign before they will provision the certificate.
  12. 12. GlobalSign domain verification GlobalSign needs to know you own the domain! Verify via HTML <meta/> tag ● HTML <meta/> tag provided by CloudFlare must be placed within the <head/> section of the landing page at either your root, or your www. ● GlobalSign will check that verification code is valid, and add *. and on the SSL certificate Verify via proxying ● Cert provisioned once CloudFlare-proxying is observed on either the root domain, or the www. subdomain ● 10 to 15 minutes of SSL browser warnings until the presented cert is updated
  13. 13. SSL Operating Options
  14. 14. Changes to your web application
  15. 15. Switching to HTTPS:// URLs! CloudFlare “Always Use HTTPS” Page Rule ● Automatically redirects requests for all subdomains AND the root to the corresponding HTTPS URL
  16. 16. Switching to HTTPS:// URLs! Stop using HTTP:// in your HTML! ● Search engines will follow the links it finds -- you don’t want the search engine crawlers dealing with redirects for every page they read on your site! ● Relative URLs are good!
  17. 17. Switching to HTTPS:// URLs! Google’s webmaster guidelines ● Google has good resources and HOWTOs, and making sure that the Google Bot can crawl+index your HTTPS site: Recommended viewing! ● “Google I/O 2014: HTTPS Everywhere” -- goes into much more v=cBhZ6S0PFCY
  18. 18. Thank you!