https is now the default protocol

On June 5th the EFF called for people to ‘Reset the Net’ and do something to enhance their privacy on the net. I have put off switching to https for my sites because I host them using S3 and CloudFront, and up until recently it was extremely expensive to use an SSL certificate with your site. But now, thanks to SNI support in CloudFront, the cost is just slightly more than for http requests.

The switch was fairly painless. I bought an inexpensive SSL cert from www.namecheap.com, and followed the directions from here for setting up a certificate for use with SNI. You need to have the AWS CLI tool installed in order to upload the certificate to your IAM certificate store. There is no web interface that I could find. When uploading the CSR to NameCheap I selected Apache+OpenSSL as the webserver since I created the key with openssl on Linux.

You then go to your CloudFront dashboard, edit the domain and select the certificate to use. Make sure you also select the Only Clients that Support Server Name Indication (SNI) option, otherwise you’ll find yourself with a big bill for using a dedicated IP. On the domain’s Behaviors tab you can select Redirect HTTP to HTTPS, and all your visitors will then be automatically redirected to use https on your site.
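To confirm the two settings above after saving, you can audit the distribution's configuration. This is an added example, not part of the original post. It assumes the JSON has the shape of the `DistributionConfig` object returned by `aws cloudfront get-distribution-config`, and the sample config and the `audit_distribution` helper name are constructed for illustration.

```python
import json

# Constructed sample shaped like a CloudFront DistributionConfig; every value
# here is made up. It deliberately contains both mistakes the post warns about.
SAMPLE_CONFIG = json.loads("""
{
  "Aliases": {"Quantity": 1, "Items": ["www.example.com"]},
  "ViewerCertificate": {
    "IAMCertificateId": "EXAMPLECERTID",
    "SSLSupportMethod": "vip"
  },
  "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
  "CacheBehaviors": {
    "Quantity": 1,
    "Items": [{"PathPattern": "/images/*", "ViewerProtocolPolicy": "allow-all"}]
  }
}
""")

# Policies under which plain-http content is never served to the visitor.
HTTPS_POLICIES = ("redirect-to-https", "https-only")


def audit_distribution(config):
    """Return a list of findings; an empty list means both settings are correct."""
    findings = []
    cert = config.get("ViewerCertificate", {})
    if cert.get("CloudFrontDefaultCertificate"):
        findings.append("custom certificate not selected (default certificate in use)")
    elif cert.get("SSLSupportMethod") != "sni-only":
        findings.append("SSLSupportMethod is %r, not 'sni-only': dedicated IP billing"
                        % cert.get("SSLSupportMethod"))

    # The redirect is set per behavior, so check the default and every extra one.
    behaviors = [("default", config.get("DefaultCacheBehavior", {}))]
    for extra in config.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((extra.get("PathPattern", "?"), extra))
    for name, behavior in behaviors:
        policy = behavior.get("ViewerProtocolPolicy")
        if policy not in HTTPS_POLICIES:
            findings.append("behavior %s serves plain http (policy %r)" % (name, policy))
    return findings


if __name__ == "__main__":
    for finding in audit_distribution(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The redirect is configured per cache behavior, so a distribution with extra path patterns can still serve some paths over plain http even when the default behavior redirects.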