I’m using this post to document how I upgraded my blog for HTTPS.
The first thing I needed to do was to get a SSL certificate. I really didn’t feel like paying for one, so I went with a free certificate from StartSSL. Their free certificates expire after a year (I wish it was longer), so I’ll need to do this again next year. But they work and… they’re free.
After I got my p12 certificate above, I asked my web host (Arvixe) to set everything up. It took them about 2 days (it was the weekend though, so maybe it would have been faster if it was during the week). This was pretty much the easiest part since all I had to do was to provide them with the cert, and they got it installed and set up the correct ports for HTTPS.
At this point, I could browse my site using HTTPS. I did have some security warnings, and to fix those I had to update my stylesheets with secure paths to my images. Also, I needed to update some script paths, as they were not secure either.
Finally, I added a rule into my web.config file so that all traffic always gets re-routed to HTTPS.