Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tales from the Let's Encrypt

Tales from the Let's Encrypt

2ccd8593c0f2ac6c9b91ee79bff5b63f?s=128

Beth Haubert

August 16, 2016
Tweet

More Decks by Beth Haubert

Other Decks in Programming

Transcript

  1. TALES FROM LET’S ENCRYPT BETH HAUBERT LET’S EN BETH HAUBERT

    PRESENTS
  2. TABLE OF CONTENTS ‣ SSL OVERVIEW ‣ HOW TO GET

    A CERTIFICATE ‣ LET’S ENCRYPT!
  3. SECURE SOCKETS LAYER (SSL)

  4. SSL OVERVIEW • So that customers trust that a site

    is secure and that their information won’t get stolen in transit from their browser to the server. • The need for encryption is becoming the rule, not the exception as web interaction become more complex. WHY DO YOU WANT SSL?
  5. SSL OVERVIEW • A layer of encryption is added between

    the client and the server. • This encryption uses private/ public keys and certificates that contain important info about the organization that owns the site. • A trusted third party (like Digicert or Verisign) validates the identity of the certificate and server. HOW SSL WORKS
  6. SSL OVERVIEW • A text file with encrypted data that

    you install on your server WHAT IS AN SSL CERTIFICATE
  7. HOW TO GET A CERTIFICATE

  8. HOW TO GET A CERTIFICATE • Fill out a CSR

    (certificate signing request) • Send it to a certificate authority (CA) • If you’ve submitted the correct info, the CA will validate your domain and other info • Receive and install the issued certificate GET THAT CERT!
  9. LET’S ENCRYPT! (WHAT IS IT?)

  10. LET’S ENCRYPT • Let’s Encrypt is a Certificate Authority (CA)

    • It’s free, which is awesome GET THAT CERT!
  11. LET’S ENCRYPT • https://letsencrypt.org/docs/client-options/ SO MANY CLIENTS

  12. ADDING LET’S ENCRYPT TO A RAILS APP ON A HEROKU

    SERVER
  13. LET’S ENCRYPT STEP 1: GET THE CLIENT RUNNING ▸ brew

    install certbot ▸ sudo certbot certonly --manual
  14. LET’S ENCRYPT STEP 2: ▸ Follow the prompts until you

    see this:
  15. LET’S ENCRYPT STEP 3: SET UP YOUR APP & VALIDATE

    URL ▸ Configure your new route ▸ Add a LETSENCRYPT key to your config file: ▸ heroku config:set LETSENCRYPT=(value) -r production ▸ Add a controller method
  16. LET’S ENCRYPT STEP 4: ADD THE CERT TO YOUR HEROKU

    APP ▸ heroku addons:create ssl:endpoint -r production ▸ sudo heroku certs:update /etc/letsencrypt/live/ www.omeowha.com/fullchain.pem /etc/letsencrypt/live/ www.omeowha.com/privkey.pem -r production ▸ Edit your DNS using the new value.
  17. https://letsencrypt.org/ getting-started/ http://collectiveidea.com/ blog/archives/2016/01/12/ lets-encrypt-with-a-rails- app-on-heroku/ https://opensource.com/ business/16/8/lets-encrypt