If you have forms on your site that take a user’s personal details, you should protect the page by running it under HTTPS. That way, any data that’s posted from the form (email address, credit card number, etc.) is encrypted and hidden from prying eyes. It’s not just e-commerce sites that should be protected: the same applies to intranets and other line-of-business apps that require authentication, blogs with comment forms that ask for email addresses, and so on. The main barrier to this in the past has been the cost of the digital certificate (SSL certificate) that asserts that you are who you say you are. LetsEncrypt is a free, automated, and open Certificate Authority that removes this barrier.
LetsEncrypt is operated by the Internet Security Research Group (ISRG), and is a Collaborative Project of the Linux Foundation, which is also responsible for the Linux operating system and Node.js among other projects. LetsEncrypt is supported by a range of organisations including Mozilla, Chrome, Akamai and Facebook. The certificates that LetsEncrypt issues are recognised by all major browsers, which results in the familiar padlock symbol being displayed on properly secured sites.
Obtaining a certificate
Full details of how LetsEncrypt works can be found on their site. Suffice to say, you need a client program running on your web server that implements the ACME (Automatic Certificate Management Environment) protocol so that it can successfully communicate with LetsEncrypt. A number of these are available. I chose to use letsencrypt-win-simple, which is a command line interface (CLI) client. Despite that, it really is very simple to use. The latest version is 1.9.1 at the time of writing. Here’s a step-by-step guide to using letsencrypt-win-simple:
Download and unzip the contents to a folder for later use. I chose C:\LetsEncrypt as a location.
Open the folder, right click on the .exe file and choose Run as Administrator.
Following the onscreen prompts, first provide an email address for renewal failure notifications.
Agree to the terms and conditions.
The application then scans the site bindings in IIS and asks which one you want to get a certificate for.
Enter the number and press Return. Note, if you have more than 50 sites registered with IIS, the screen will paginate the list. In that case, it might be a good idea to make a note of the number of the entry you want to request a certificate for.
And that’s pretty much it. The application takes care of obtaining the certificate and storing it. It will also create a scheduled task to request renewals as certificates expire. And it will add new bindings for the site if necessary, defaulting to port 443 for https.
Redirect non-https traffic
One thing that you may want to do is to ensure that all traffic goes to the https version of your site. If you have access to the server (which is the assumption in this article), you should install the IIS Rewrite Module if you haven’t already done so, and then add the following to your web.config file:
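A typical IIS URL Rewrite rule for this, given as an added example rather than the article's original listing. The rule name is arbitrary, and the exclusion for the ACME challenge path is an optional addition that assumes the client validates over HTTP using files under /.well-known/acme-challenge/:

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Send every plain-HTTP request to the same host and path over HTTPS. -->
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <!-- Match any path; {R:1} below refers to this capture group. -->
          <match url="(.*)" />
          <conditions>
            <!-- {HTTPS} is "OFF" when the request arrived without TLS. -->
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true" />
            <!-- Optional: leave ACME HTTP validation requests on port 80 so
                 certificate renewal does not depend on the HTTPS binding
                 already working. -->
            <add input="{REQUEST_URI}" pattern="^/\.well-known/acme-challenge/" negate="true" />
          </conditions>
          <!-- Permanent = 301, so browsers and crawlers remember the HTTPS URL. -->
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

If the site's web.config already has a `<system.webServer>` section, merge only the `<rewrite>` element into it. The redirect protects later requests only; the first plain-HTTP request still travels unencrypted, so forms should post to https URLs directly.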
The Samsung Galaxy X Cover 2 (GT-S7710) is a very, very bad product from Samsung. It is completely useless if you are using more than 2 apps. The reason is that 4 GB of memory on the phone is not nearly enough with all the $hit Google (and Samsung) pre-install. So 4 GB is completely under-dimensioned.
Anyway, I want to try and install a lighter version of Android on it to make the phone useful for a friend. I would prefer to install CyanogenMod, since I know that system and don’t want to mess with too much software that I don’t know, for security reasons.
I have read that CM 10.1 could be a good choice. CM 11 could be too heavy for the not so powerful phone. Maybe I go with CM 10.2?
The biggest issue to solve is to be able to install more apps on the SD card. And to get rid of most of the pre-installed apps. But probably I would still need the Google Play Store – which can undermine this project!