Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tales from the Let's Encrypt

2ccd8593c0f2ac6c9b91ee79bff5b63f?s=47 Beth Haubert
August 16, 2016
Programming
0
53

Tales from the Let's Encrypt

2ccd8593c0f2ac6c9b91ee79bff5b63f?s=128

Beth Haubert

August 16, 2016
Tweet

More Decks by Beth Haubert

See All by Beth Haubert
2ccd8593c0f2ac6c9b91ee79bff5b63f?s=48 bethanyhaubert
1
440
2ccd8593c0f2ac6c9b91ee79bff5b63f?s=48 bethanyhaubert
1
110

Other Decks in Programming

See All in Programming
D76231a2114896dfcc7b79ac69558b79?s=48 yosuke_furukawa
PRO
2
1.6k
922f51d458d6ffee8578b9d3ab0a52b6?s=48 ug
0
490
Fa37be48a20daa155e300c3c07365039?s=48 wisetlaloc
0
230
1d5ca7d8f17f15de4272e1ec7ef7abac?s=48 watilde
0
700
52cc8a838bf44a589d2572833b2dd1b9?s=48 palkan
1
1.1k
5cf7e9533a457726cd51232e06c1da9a?s=48 masashi
2
200
3c7020b33ae8880dd9514b6469a28ae0?s=48 yt8492
0
160
E0a89ea965a4ac4b5f091d6bd9e8d8ea?s=48 takahiro_komatsu1982
0
120
924d7de2a5a7102a597728e5edbbff78?s=48 kekyo
PRO
1
130
2722ca734f5f05badb74f976d1f2b6c8?s=48 yonetty
0
130
52c76fb01bb5d1908f91b0231a44a7b5?s=48 boriswilhelms
0
290
3371c1da192435d33a2843abf7c13287?s=48 tomu28
1
270

Featured

See All Featured
245cee81a9c424266e5e401d844ea881?s=48 lara
172
9.9k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
371
43k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
72
3.6k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
298
40k
96270e4c3e5e9806cf7245475c00b275?s=48 addyosmani
312
21k
C620790ae5bf5b50c245b2e0ef95f338?s=48 deanohume
293
28k
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
20
4.7k
7559f6cff1f5efc2d210965febd4d71c?s=48 bermonpainter
344
26k
A9704266587836f7e784235e5073b93e?s=48 jmmastey
14
800
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
54
2k
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
176
7.7k
Ecdea9b9714877b86cee08458f085481?s=48 trallard
18
980

Transcript

  1. TALES FROM LET’S ENCRYPT BETH HAUBERT LET’S EN BETH HAUBERT

    PRESENTS

  2. TABLE OF CONTENTS ‣ SSL OVERVIEW ‣ HOW TO GET

    A CERTIFICATE ‣ LET’S ENCRYPT!

  3. SECURE SOCKETS LAYER (SSL)

  4. SSL OVERVIEW • So that customers trust that a site

    is secure and that their information won’t get stolen in transit from their browser to the server. • The need for encryption is becoming the rule, not the exception as web interaction become more complex. WHY DO YOU WANT SSL?

  5. SSL OVERVIEW • A layer of encryption is added between

    the client and the server. • This encryption uses private/ public keys and certificates that contain important info about the organization that owns the site. • A trusted third party (like Digicert or Verisign) validates the identity of the certificate and server. HOW SSL WORKS

  6. SSL OVERVIEW • A text file with encrypted data that

    you install on your server WHAT IS AN SSL CERTIFICATE

  7. HOW TO GET A CERTIFICATE

  8. HOW TO GET A CERTIFICATE • Fill out a CSR

    (certificate signing request) • Send it to a certificate authority (CA) • If you’ve submitted the correct info, the CA will validate your domain and other info • Receive and install the issued certificate GET THAT CERT!

  9. LET’S ENCRYPT! (WHAT IS IT?)

  10. LET’S ENCRYPT • Let’s Encrypt is a Certificate Authority (CA)

    • It’s free, which is awesome GET THAT CERT!

  11. LET’S ENCRYPT • https://letsencrypt.org/docs/client-options/ SO MANY CLIENTS

  12. ADDING LET’S ENCRYPT TO A RAILS APP ON A HEROKU

    SERVER

  13. LET’S ENCRYPT STEP 1: GET THE CLIENT RUNNING ▸ brew

    install certbot ▸ sudo certbot certonly --manual

  14. LET’S ENCRYPT STEP 2: ▸ Follow the prompts until you

    see this:

  15. LET’S ENCRYPT STEP 3: SET UP YOUR APP & VALIDATE

    URL ▸ Configure your new route ▸ Add a LETSENCRYPT key to your config file: ▸ heroku config:set LETSENCRYPT=(value) -r production ▸ Add a controller method

  16. LET’S ENCRYPT STEP 4: ADD THE CERT TO YOUR HEROKU

    APP ▸ heroku addons:create ssl:endpoint -r production ▸ sudo heroku certs:update /etc/letsencrypt/live/ www.omeowha.com/fullchain.pem /etc/letsencrypt/live/ www.omeowha.com/privkey.pem -r production ▸ Edit your DNS using the new value.

  17. https://letsencrypt.org/ getting-started/ http://collectiveidea.com/ blog/archives/2016/01/12/ lets-encrypt-with-a-rails- app-on-heroku/ https://opensource.com/ business/16/8/lets-encrypt