Tales from the Let's Encrypt

Transcript

1. TALES FROM LET’S ENCRYPT
   BETH HAUBERT
   LET’S EN
   BETH HAUBERT PRESENTS
   

   View Slide

2. TABLE OF CONTENTS
   ‣ SSL OVERVIEW
   ‣ HOW TO GET A CERTIFICATE
   ‣ LET’S ENCRYPT!
   

   View Slide

3. SECURE SOCKETS
   LAYER (SSL)
   

   View Slide

4. SSL OVERVIEW
   • So that customers trust that
   a site is secure and that
   their information won’t get
   stolen in transit from their
   browser to the server.
   • The need for encryption is
   becoming the rule, not the
   exception as web
   interaction become more
   complex.
   WHY DO YOU WANT SSL?
   

   View Slide

5. SSL OVERVIEW
   • A layer of encryption is added
   between the client and the
   server.
   • This encryption uses private/
   public keys and certificates that
   contain important info about the
   organization that owns the site.
   • A trusted third party (like Digicert
   or Verisign) validates the identity
   of the certificate and server.
   HOW SSL WORKS
   

   View Slide

6. SSL OVERVIEW
   • A text file with
   encrypted data
   that you install on
   your server
   WHAT IS AN SSL CERTIFICATE
   

   View Slide

7. HOW TO GET A
   CERTIFICATE
   

   View Slide

8. HOW TO GET A CERTIFICATE
   • Fill out a CSR (certificate
   signing request)
   • Send it to a certificate
   authority (CA)
   • If you’ve submitted the correct
   info, the CA will validate your
   domain and other info
   • Receive and install the issued
   certificate
   GET THAT CERT!
   

   View Slide

9. LET’S ENCRYPT!
   (WHAT IS IT?)
   

   View Slide

10. LET’S ENCRYPT
    • Let’s Encrypt is a
    Certificate
    Authority (CA)
    • It’s free, which is
    awesome
    GET THAT CERT!
    

    View Slide

11. LET’S ENCRYPT
    • https://letsencrypt.org/docs/client-options/
    SO MANY CLIENTS
    

    View Slide

12. ADDING LET’S ENCRYPT TO
    A RAILS APP ON A HEROKU
    SERVER
    

    View Slide

13. LET’S ENCRYPT
    STEP 1: GET THE CLIENT RUNNING
    ▸ brew install certbot
    ▸ sudo certbot certonly --manual
    

    View Slide

14. LET’S ENCRYPT
    STEP 2:
    ▸ Follow the prompts until you see this:
    

    View Slide

15. LET’S ENCRYPT
    STEP 3: SET UP YOUR APP & VALIDATE URL
    ▸ Configure your new route
    ▸ Add a LETSENCRYPT key to your config file:
    ▸ heroku config:set LETSENCRYPT=(value) -r production
    ▸ Add a controller method
    

    View Slide

16. LET’S ENCRYPT
    STEP 4: ADD THE CERT TO YOUR HEROKU APP
    ▸ heroku addons:create ssl:endpoint -r production
    ▸ sudo heroku certs:update /etc/letsencrypt/live/
    www.omeowha.com/fullchain.pem /etc/letsencrypt/live/
    www.omeowha.com/privkey.pem -r production
    ▸ Edit your DNS using the new value.
    

    View Slide

17. https://letsencrypt.org/
    getting-started/
    http://collectiveidea.com/
    blog/archives/2016/01/12/
    lets-encrypt-with-a-rails-
    app-on-heroku/
    https://opensource.com/
    business/16/8/lets-encrypt
    

    View Slide