We've talked a little about security here on Head in the Cloud. One of the minimum bars you can meet is having a proper SSL certificate. The SSL certificate serves two functions:
- It provides an online ID that has been verified by a third party called a Certificate Authority.
- It provides the certificate that is used to encrypt data traveling between the user's browser and the server.
The following video gives a fairly simple explanation of it all.
But there's a new kid on the block called Let's Encrypt. These guys have opened a new certificate authority that is free, automated and open source. The non-profit behind the service is the Internet Security Research Group, which has a number of folks from different companies. They've got sponsorship from Mozilla, Akamai, Cisco, the Electronic Frontier Foundation and more.
Cal Evans recently blogged about his experience setting up Let's Encrypt on his server at "How I got Let's Encrypt Setup and Operating". He's got setup scripts, renewal scripts and everything working great for Apache on CentOS.
If you're not using Apache on CentOS, you can look at the different clients at the Let's Encrypt List of Client Implementations.
That should get you started - enjoy!