Security in e-commerce — free SSL certificate

Welcome to the second episode of our e-commerce academy. In the previous article, you learned about the purchasing process. If you haven’t seen it, you can read it here.

Requirements:
GrandNode — https://github.com/grandnode/grandnode

Security is key for the e-commerce industry. It’s an obvious requirement for every store. Furthermore, it’s also almost a requirement for personal blogs and anything else you do on the internet. Without it, it would be hard to sell anything online.

What matters to you when you buy something in an online store? Two of the most important things are the credibility of the offer and the security of personal data. The first is broadly understood and is the result of many factors, mainly our own actions and content. The latter is strongly influenced by the technical aspects of the online store.

What makes the store safe?

First of all, it’s a guarantee that the data sent through our online store is secure. To buy goods online, we are forced to leave our data on the site. How can we trust someone if we see this:

Yeah, you’re right. We can’t trust it. Furthermore, sometimes you won’t see this notification, but you will see a “not secure” label in the address bar at the top of the browser.

Finally, SSL may also affect how Google recognizes the store. What can we do?

First of all, we can purchase an SSL certificate from the domain or hosting provider. Price differences are significant, so it is not possible to give a specific price.

Secondly, you can generate your own SSL certificate. If you have GrandNode, follow the steps below. If you don’t have a GrandNode store, just look at the first point and then apply it to your current store platform.

1. How to create free SSL certificate

In this guide I will use the ZeroSSL site, which provides Let’s Encrypt SSL certificates. To create a free SSL certificate, go to: https://zerossl.com/free-ssl/#crt

Fill in the “Domains” field, for example with grandnode.com. Then there are two ways of verification. I will show you how to verify a domain on Azure websites; in this case we have to use HTTP verification.

After you click the Next button, the system will generate the CSR for you. You should copy it somewhere or download it to your disk. Press Next again. In the next step, you will receive the generated private key for your certificate. Download or copy it.

Now comes the trickiest part of this guide. But please stay calm, it only looks hard. In GrandNode 4.40 we added a new feature that ignores the /.well-known/acme-challenge/ path on the server, so you are able to add the required file to GrandNode and verify the SSL.

To create the required file, we need to log in to our server. You can do it via an FTP client or, for example, via PuTTY. I chose the second way. Go to your GrandNode directory and find the wwwroot/content/acme folder. Create the required file in that directory. You can do it manually via an FTP client or with the following command:

vi <file name that ZeroSSL website provided>

This opens an empty file in the editor. Paste the content of the file, which you will find on the ZeroSSL website. Save the changes with the ESC + :wq combination. Navigate to GrandNode Admin panel -> Configuration -> Settings -> All settings, search for commonsettings.allowtoreadletsencryptfile and change its value to True.

The verification step is over. You can check the result of your work: just click the file name link on the ZeroSSL website. If you see the content of the file that you saved a while ago, everything is fine.
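A scripted version of the file creation and check described above, as an added example that is not part of the original guide or of GrandNode. It writes the challenge file without an editor, refuses file names outside the base64url alphabet that ACME tokens use, and compares what the server returns with the local copy; the function names are illustrative and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example: place an HTTP-01 challenge file and confirm it is served verbatim.
# Usage: sh check_challenge.sh http://<your domain>/.well-known/acme-challenge <file name> <local file>

# Write the challenge file without opening an editor.
# $1 = directory served as the challenge path (wwwroot/content/acme in GrandNode)
# $2 = file name shown by ZeroSSL, $3 = file content shown by ZeroSSL
write_challenge() {
    case "$2" in
        ''|*[!A-Za-z0-9_-]*)
            # ACME tokens are base64url, so "/" or ".." never belong in the name
            echo "refusing unsafe file name: $2" >&2
            return 2 ;;
    esac
    printf '%s' "$3" > "$1/$2" && chmod 644 "$1/$2"
}

# Fetch the file over HTTP and compare it with the local copy.
# $1 = base URL, $2 = file name, $3 = local file
verify_challenge() {
    served=$(curl -fsS --max-time 10 "$1/$2") || {
        echo "not reachable: $1/$2" >&2
        return 1
    }
    expected=$(cat "$3")
    # $(...) drops trailing newlines, so a newline appended by an editor is ignored
    if [ "$served" = "$expected" ]; then
        echo "OK: challenge file is served correctly"
    else
        echo "MISMATCH: server returned different content (wrong file or an error page)" >&2
        return 1
    fi
}

if [ "$#" -eq 3 ]; then
    verify_challenge "$1" "$2" "$3"
fi
```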

It’s time to verify the domain. Click the “Next” button on the ZeroSSL page. In the last step you will find two files, domain.crt and domain.key. You have to upload them to your server. I will describe that process in the next step.

2. How to install free SSL certificate

This step is very simple. You can rely on tutorials available on the web, but let’s look at the steps that I take to install SSL on an nginx server.

Connect to the web server; I used PuTTY. Go to the nginx directory, /etc/nginx. Create the ssl directory; I used the mkdir command.

It’s required to keep your SSL files in the correct directory. When you finished the last step of the SSL creation, you got two files. Place them in the /etc/nginx/ssl directory.

In the next step you will have to modify the default.conf of your server. Open it and add the following lines inside the server block:

listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/nginx/ssl/domain.crt;
ssl_certificate_key /etc/nginx/ssl/domain.key;

After that, check the nginx configuration with the nginx -t command. If everything is fine, reload the configuration with the systemctl reload nginx command.
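nginx -t validates the configuration, but it is worth checking the two uploaded files themselves before the reload. The script below is an added example, not part of the original guide: it confirms that domain.key is the private key for domain.crt, that the key file is readable only by its owner, and that the certificate has not expired. The function names are illustrative and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: sanity-check domain.crt / domain.key before reloading nginx.
# Usage: sh check_tls_pair.sh /etc/nginx/ssl/domain.crt /etc/nginx/ssl/domain.key

# Create a throwaway self-signed pair for trying the checks
# (constructed sample, not a ZeroSSL certificate). $1 = output directory
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/domain.key" -out "$1/domain.crt" 2>/dev/null
}

# $1 = certificate, $2 = private key
# returns 0 = ok, 1 = key does not belong to the certificate (or unreadable),
#         2 = key accessible to group/others, 3 = certificate expired
check_tls_pair() {
    # Both commands print the public key in the same PEM form, so the text can be compared
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $2 is not the private key for $1" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other permission bits
    if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $2 is accessible to group/others; run: chmod 600 $2" >&2
        return 2
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo "FAIL: $1 has expired" >&2
        return 3
    fi
    echo "OK: key matches certificate, key is owner-only, certificate has not expired"
}

if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```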

3. How to configure SSL certificate in GrandNode

Now it’s time for the finishing touches. Go to the App_Data directory of GrandNode and edit the appsettings.json file. If you use nginx, the most important setting is at the beginning of the file.

//Use a reverse proxy server - more information you can find at: https://docs.microsoft.com/en-US/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-2.1
"UseForwardedHeaders": true

The UseForwardedHeaders setting must have the value true. After that change, restart the application and go to the Admin panel. In the Configuration -> Stores section, edit the current store and check the “SSL Enabled” setting. Enter the Secure host value and save the changes. And that’s all! As I told you, it looks complicated, but it’s easy even for beginners.

Any problems? Visit our community forum, we are ready to help you.
