For me, using SSL/TLS for websites or connections between servers and clients in general - think of PostgreSQL connections or OpenLDAP - is no rocket science and is my daily business. But in the last months I read a lot of tweets and articles about that topic and talked to some developers and sysadmins like me, and was kind of shocked that a lot of people do not really know what exactly SSL/TLS is, how to set up simple encrypted connections, or even how to encrypt a single website.
Since Google recently introduced SSL/TLS as a ranking factor and a lot of people started to encrypt their websites - by the way, everyone should do that even if it is only a private blog - this topic needs to get more attention and clarification on how to use it and set it up correctly.
I would like to try that by creating a series of blog posts about SSL/TLS, what it is, how you can enable it for websites or services and even how to create your very own CA (Certificate Authority) to use it in your company to internally encrypt your sites and services without spending too much money buying expensive certificates from a "trusted" CA.
I will also try to clarify some terms and questions on the SSL/TLS topic. All posts of this series will start with "SSL/TLS:" in the topic. Feel free to contribute or tell me which topic I should cover.
Because it is a common use case to encrypt a single website with a cheap valid certificate, I want to start with this here. How you can improve the security of your new SSL setup will be in a separate post so this one stays beginner friendly.