TJ is Blogging!

 If you are converting Moodle site from HTTP to HTTPS or setting up from the scratch, it will be a bit tricky as I also experienced. By the way, I'm not going to talk about how to install the SSL certificate here. This is only about the Moodle configurations you have to do after that. There are two ways you can do this. 1. Enable HTTPS using a proxy or an ELB If you have this setup, then again we need to change the config.php as below. //Change the URL to https $CFG->wwwroot = ' https ://my.moodle.site.edu'; //Add the following line $CFG->sslproxy = true; If the SSL proxy configuration is not enabled, your browser will keep trying to redirect.  You should enable this configuration if you have SSL termination from a proxy or a load balancer. I tried this with an AWS ALB (Application Load Balancer).  If you don't change the config, it will fail to load the styles and Javascript. 2. Enable HTTPS in Apache server This is if HTTPS is enabled in the Apache server on...

There are so many tutorials and explanations on the Internet to show how HTTPS works, but most of them tell half of the story. You may end up with so many questions, like where the certificates fit in? Where is the TCP stuff? How does the encryption works? How the trust works? So, I made this diagram to fit the pieces of the puzzle together and show you how they all fit in an HTTPS request. Some of the low-level parts I didn't include and also each step in this would be briefed not to confuse anybody and make it short as possible to understand. Here, the client could be a typical web browser (or even another application whoever can communicate with a website or an API). Something you have to know before you check the diagram is public, private, and shared keys. To know this, we have to learn about encryption because we use these keys to encrypt data. There are two encryption types. 1. Asymmetric encryption aka. public-key encryption 2. Symmetric encryption aka. shared...

This is a quick post about extracting SSL certificates from websites, we'll need this step for some of the future posts that I'm going to write about SSL and HTTPS stuff. In general, you may want to extract this whenever you are trying to use some tool (not a web browser) or a code to access this website. Then after extracting this, you will require to install this into your tool or framework. With this post, I'm just covering the extraction part. I'll use the Chrome browser since it is one of the common browsers that is being used. In my example, I'm going to extract the public certificate of  https://letsencrypt.org/ . (Let's Encrypt is one of the free Certificate Authority, probably I'll discuss this in one of the future posts.) 1. First, go to the website using the Chrome web browser. The website has to be in HTTPS. Otherwise, we don't want to do this in the first place. So, make sure your URL is starting with https://... 2. Click on th...