Enable https for a production django application
199 views
Skip to first unread message
BIJAL MANIAR
Dec 4, 2017, 8:03:12 AM12/4/17
to Django users
Hello,
We need to enforce an https connection for production django application running with apache and mod-wsgi. Can anyone please help me with what it will take to implement this.
Thanks,
Bijal
Jani Tiainen
Dec 4, 2017, 8:06:35 AM12/4/17
to django...@googlegroups.com
Hi,
You just need to redirect (permanently) all traffic to port 80 to
443 in your Apache config.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/16075809-a4f6-4174-b9a3-a545ade434ef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-- Jani Tiainen
BIJAL MANIAR
Dec 4, 2017, 9:15:50 AM12/4/17
to Django users
Do we need to purchase SSL certificate? Any links on that would be helpful.
Thanks,
Bijal
Jani Tiainen
Dec 4, 2017, 9:21:34 AM12/4/17
to django...@googlegroups.com
Hi,
You need SSL sertificate, sure.
For private testing you can create self-signed certificates.
[1] https://letsencrypt.org/
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/f94fdd56-5a8c-4aa9-9f41-de3909b34a12%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
-- Jani Tiainen
SHAILESH NEGI
Dec 4, 2017, 10:08:20 AM12/4/17
to django...@googlegroups.com
Hey Bijal,
You need to purchase the SSL.
Follow the link.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/f94fdd56-5a8c-4aa9-9f41-de3909b34a12%40googlegroups.com.
Thanks & Regards,
SHAILESH NEGI
SHAILESH NEGI
Thiago Luiz Parolin
Dec 4, 2017, 10:15:30 AM12/4/17
to django...@googlegroups.com
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAEFKsYPq2BGpg38LXC4kbXUTqfy6wS%2Btgusoce%2ByZxh56QLteQ%40mail.gmail.com.
Jason
Dec 4, 2017, 12:12:23 PM12/4/17
to Django users
Let's Encrypt is great, especially with wildcard certificates coming next month. Downside is they're time-limited to 90 days of validity, so you'll have to come up with some automatic process to regenerate the certificate. Fortunately, the process is well documented and simple to execute.
Tim Chase
Dec 4, 2017, 1:58:56 PM12/4/17
to django...@googlegroups.com
On 2017-12-04 01:15, BIJAL MANIAR wrote:
> Do we need to purchase SSL certificate? Any links on that would be
> helpful.
There are two types of cert: DV ("Domain Validation" merely lets you
> Do we need to purchase SSL certificate? Any links on that would be
> helpful.
know that you're securely talking with the domain you think you are)
and EV ("Extended Validation" where they actually check up on you,
verifying your identity as a business/individual).
You can get free DV certs through several providers, but setting it
up with Let's Encrypt is broadly supported on a variety of
platforms. They're only valid for a fairly short period of time (90
days, IIRC) but there are good tools to automate the renewal of the
cert.
https://letsencrypt.org
For an EV cert, you have to pay and submit various forms of
documentation. I've heard good things from multiple people about
obtaining theirs from DigiCert and multiple complaints about Comodo.
https://www.digicert.com/
Hope this helps,
-tkc
Tim Chase
Dec 6, 2017, 12:11:42 PM12/6/17
to django...@googlegroups.com
Sorry, forgot to mention OV ("Organization Validation") certs.
There's a good comparison here
https://www.ssl.com/article/dv-ov-and-ev-certificates/
Additionally, you *can* self-sign your own cert but it will throw up
an "untrusted cert" warning to your users. This used to be a viable
option for free certs before Let's Encrypt but now there's really no
reason to have self-signed certs.
-tkc
There's a good comparison here
https://www.ssl.com/article/dv-ov-and-ev-certificates/
Additionally, you *can* self-sign your own cert but it will throw up
an "untrusted cert" warning to your users. This used to be a viable
option for free certs before Let's Encrypt but now there's really no
reason to have self-signed certs.
-tkc
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group. To unsubscribe from this group and
> stop receiving emails from it, send an email to
> django-users...@googlegroups.com. To post to this group,
> send email to django...@googlegroups.com. Visit this group at
> https://groups.google.com/group/django-users. To view this
> discussion on the web visit
> https://groups.google.com/d/msgid/django-users/20171204075738.2f9c25f9%40bigbox.christie.dr.
> You received this message because you are subscribed to the Google
> Groups "Django users" group. To unsubscribe from this group and
> stop receiving emails from it, send an email to
> django-users...@googlegroups.com. To post to this group,
> send email to django...@googlegroups.com. Visit this group at
> https://groups.google.com/group/django-users. To view this
> discussion on the web visit
Reply all
Reply to author
Forward
0 new messages