Tales from the Let's Encrypt

TALES FROM LET’S ENCRYPT BETH HAUBERT LET’S EN BETH HAUBERT
PRESENTS

TABLE OF CONTENTS ‣ SSL OVERVIEW ‣ HOW TO GET
A CERTIFICATE ‣ LET’S ENCRYPT!

SECURE SOCKETS LAYER (SSL)

SSL OVERVIEW • So that customers trust that a site
is secure and that their information won’t get stolen in transit from their browser to the server. • The need for encryption is becoming the rule, not the exception as web interaction become more complex. WHY DO YOU WANT SSL?

SSL OVERVIEW • A layer of encryption is added between
the client and the server. • This encryption uses private/ public keys and certiﬁcates that contain important info about the organization that owns the site. • A trusted third party (like Digicert or Verisign) validates the identity of the certiﬁcate and server. HOW SSL WORKS

SSL OVERVIEW • A text ﬁle with encrypted data that
you install on your server WHAT IS AN SSL CERTIFICATE

HOW TO GET A CERTIFICATE

HOW TO GET A CERTIFICATE • Fill out a CSR
(certificate signing request) • Send it to a certificate authority (CA) • If you’ve submitted the correct info, the CA will validate your domain and other info • Receive and install the issued certificate GET THAT CERT!

LET’S ENCRYPT! (WHAT IS IT?)

LET’S ENCRYPT • Let’s Encrypt is a Certiﬁcate Authority (CA)
• It’s free, which is awesome GET THAT CERT!

LET’S ENCRYPT • https://letsencrypt.org/docs/client-options/ SO MANY CLIENTS

ADDING LET’S ENCRYPT TO A RAILS APP ON A HEROKU
SERVER

LET’S ENCRYPT STEP 1: GET THE CLIENT RUNNING ▸ brew
install certbot ▸ sudo certbot certonly --manual

LET’S ENCRYPT STEP 2: ▸ Follow the prompts until you
see this:

LET’S ENCRYPT STEP 3: SET UP YOUR APP & VALIDATE
URL ▸ Configure your new route ▸ Add a LETSENCRYPT key to your config file: ▸ heroku config:set LETSENCRYPT=(value) -r production ▸ Add a controller method

LET’S ENCRYPT STEP 4: ADD THE CERT TO YOUR HEROKU
APP ▸ heroku addons:create ssl:endpoint -r production ▸ sudo heroku certs:update /etc/letsencrypt/live/ www.omeowha.com/fullchain.pem /etc/letsencrypt/live/ www.omeowha.com/privkey.pem -r production ▸ Edit your DNS using the new value.

https://letsencrypt.org/ getting-started/ http://collectiveidea.com/ blog/archives/2016/01/12/ lets-encrypt-with-a-rails- app-on-heroku/ https://opensource.com/ business/16/8/lets-encrypt

Tales from the Let's Encrypt

Tales from the Let's Encrypt

Beth Haubert

More Decks by Beth Haubert

Other Decks in Programming

Featured

Transcript

TALES FROM LET’S ENCRYPT BETH HAUBERT LET’S EN BETH HAUBERT

TABLE OF CONTENTS ‣ SSL OVERVIEW ‣ HOW TO GET

SECURE SOCKETS LAYER (SSL)

SSL OVERVIEW • So that customers trust that a site

SSL OVERVIEW • A layer of encryption is added between

SSL OVERVIEW • A text ﬁle with encrypted data that

HOW TO GET A CERTIFICATE

HOW TO GET A CERTIFICATE • Fill out a CSR

LET’S ENCRYPT! (WHAT IS IT?)

LET’S ENCRYPT • Let’s Encrypt is a Certiﬁcate Authority (CA)

LET’S ENCRYPT • https://letsencrypt.org/docs/client-options/ SO MANY CLIENTS

ADDING LET’S ENCRYPT TO A RAILS APP ON A HEROKU

LET’S ENCRYPT STEP 1: GET THE CLIENT RUNNING ▸ brew

LET’S ENCRYPT STEP 2: ▸ Follow the prompts until you

LET’S ENCRYPT STEP 3: SET UP YOUR APP & VALIDATE

LET’S ENCRYPT STEP 4: ADD THE CERT TO YOUR HEROKU

https://letsencrypt.org/ getting-started/ http://collectiveidea.com/ blog/archives/2016/01/12/ lets-encrypt-with-a-rails- app-on-heroku/ https://opensource.com/ business/16/8/lets-encrypt