I’ve been meaning to get an SSL certificate for the blog for some time, and prompted by how cheap they now are, I have finally set it up. All HTTP links should still be valid, but will redirect to their HTTPS equivalent.
The switch is mainly to protect my credentials when I am logging on using public wifi, but I am also interested to see what effect it has on SEO; reportedly Google is now using sitewide encryption as a contributory factor in its page ranking algorithms. Of course, I get some geek fun out of the project too.
Since I am not a cryptographer, it is nice to be able to get an automated analysis of my server configuration. I am therefore grateful to the folks at Qualys SSL Labs, who have made a free tool available for just this purpose. My default Apache configuration only gave me a ‘C’ rating, but thanks to this helpful article, I am upgraded to a rather smug ‘A’ category. I expect I will need to test it periodically, as new threats and vulnerabilities emerge.