Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tales from the Let's Encrypt

2ccd8593c0f2ac6c9b91ee79bff5b63f?s=47 Beth Haubert
August 16, 2016
Programming
0
59

Tales from the Let's Encrypt

2ccd8593c0f2ac6c9b91ee79bff5b63f?s=128

Beth Haubert

August 16, 2016
Tweet

More Decks by Beth Haubert

See All by Beth Haubert
2ccd8593c0f2ac6c9b91ee79bff5b63f?s=48 bethanyhaubert
1
460
2ccd8593c0f2ac6c9b91ee79bff5b63f?s=48 bethanyhaubert
1
110

Other Decks in Programming

See All in Programming
351bca0f01c8cb553535791140636368?s=48 sidepelican
3
100
52711e2157a6fed933b0361cc06a6953?s=48 marcelgsantos
2
160
8c8f9e0f07a2550a0fca686bc420bf21?s=48 higekick
0
190
Ebeb5d8fd081058ba8df73d378bf83d7?s=48 phoenixhawk
0
130
0b8ad408b31cb9d5cff2828086c65d58?s=48 temoki
1
160
75486cbfd37125f121cf4a6c5614601c?s=48 hideokamoto
PRO
4
1.3k
08d5432a5bc31e6d9edec87b94cb1db1?s=48 k0kubun
18
11k
E4e01fb8b7105e61e3876224139503ab?s=48 niw
2
330
583e920a7e9238a1c21e923025f8f641?s=48 elainenaomi
4
150
3c031541ed3d92869414857dfef853de?s=48 koher
6
290
Eac0bf787b5279aca5e699ece096956e?s=48 inamiy
7
580
Eae7b6aeee72d3081b01d09a2d675f9a?s=48 akkeylab
5
550

Featured

See All Featured
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
28
2.8k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
36k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
69
3.2k
C86443373fbfe92996aa882d0d7a59f8?s=48 imathis
482
150k
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
27
5k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
227
8.9k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
55
3k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
414
58k
7fa6101cd43067653cf4ac6c7ca54305?s=48 akmur
255
20k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
105
11k
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1021
400k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
15
1k

Transcript

  1. TALES FROM LET’S ENCRYPT BETH HAUBERT LET’S EN BETH HAUBERT

    PRESENTS

  2. TABLE OF CONTENTS ‣ SSL OVERVIEW ‣ HOW TO GET

    A CERTIFICATE ‣ LET’S ENCRYPT!

  3. SECURE SOCKETS LAYER (SSL)

  4. SSL OVERVIEW • So that customers trust that a site

    is secure and that their information won’t get stolen in transit from their browser to the server. • The need for encryption is becoming the rule, not the exception as web interaction become more complex. WHY DO YOU WANT SSL?

  5. SSL OVERVIEW • A layer of encryption is added between

    the client and the server. • This encryption uses private/ public keys and certificates that contain important info about the organization that owns the site. • A trusted third party (like Digicert or Verisign) validates the identity of the certificate and server. HOW SSL WORKS

  6. SSL OVERVIEW • A text file with encrypted data that

    you install on your server WHAT IS AN SSL CERTIFICATE

  7. HOW TO GET A CERTIFICATE

  8. HOW TO GET A CERTIFICATE • Fill out a CSR

    (certificate signing request) • Send it to a certificate authority (CA) • If you’ve submitted the correct info, the CA will validate your domain and other info • Receive and install the issued certificate GET THAT CERT!

  9. LET’S ENCRYPT! (WHAT IS IT?)

  10. LET’S ENCRYPT • Let’s Encrypt is a Certificate Authority (CA)

    • It’s free, which is awesome GET THAT CERT!

  11. LET’S ENCRYPT • https://letsencrypt.org/docs/client-options/ SO MANY CLIENTS

  12. ADDING LET’S ENCRYPT TO A RAILS APP ON A HEROKU

    SERVER

  13. LET’S ENCRYPT STEP 1: GET THE CLIENT RUNNING ▸ brew

    install certbot ▸ sudo certbot certonly --manual

  14. LET’S ENCRYPT STEP 2: ▸ Follow the prompts until you

    see this:

  15. LET’S ENCRYPT STEP 3: SET UP YOUR APP & VALIDATE

    URL ▸ Configure your new route ▸ Add a LETSENCRYPT key to your config file: ▸ heroku config:set LETSENCRYPT=(value) -r production ▸ Add a controller method

  16. LET’S ENCRYPT STEP 4: ADD THE CERT TO YOUR HEROKU

    APP ▸ heroku addons:create ssl:endpoint -r production ▸ sudo heroku certs:update /etc/letsencrypt/live/ www.omeowha.com/fullchain.pem /etc/letsencrypt/live/ www.omeowha.com/privkey.pem -r production ▸ Edit your DNS using the new value.

  17. https://letsencrypt.org/ getting-started/ http://collectiveidea.com/ blog/archives/2016/01/12/ lets-encrypt-with-a-rails- app-on-heroku/ https://opensource.com/ business/16/8/lets-encrypt