Tales from the Let's Encrypt

Beth Haubert

August 16, 2016

Transcript

  1. TABLE OF CONTENTS
    ‣ SSL OVERVIEW
    ‣ HOW TO GET A CERTIFICATE
    ‣ LET’S ENCRYPT!
  2. SSL OVERVIEW: WHY DO YOU WANT SSL?
    • So that customers trust that a site is secure and that their information won’t get stolen in transit from their browser to the server.
    • The need for encryption is becoming the rule, not the exception, as web interactions become more complex.
  3. SSL OVERVIEW: HOW SSL WORKS
    • A layer of encryption is added between the client and the server.
    • This encryption uses private/public keys and certificates that contain important info about the organization that owns the site.
    • A trusted third party (like DigiCert or Verisign) validates the identity of the certificate and server.
  4. SSL OVERVIEW: WHAT IS AN SSL CERTIFICATE
    • A text file with encrypted data that you install on your server
  5. HOW TO GET A CERTIFICATE: GET THAT CERT!
    • Fill out a CSR (certificate signing request)
    • Send it to a certificate authority (CA)
    • If you’ve submitted the correct info, the CA will validate your domain and other info
    • Receive and install the issued certificate
  6. LET’S ENCRYPT: GET THAT CERT!
    • Let’s Encrypt is a Certificate Authority (CA)
    • It’s free, which is awesome
  7. LET’S ENCRYPT STEP 1: GET THE CLIENT RUNNING
    ▸ brew install certbot
    ▸ sudo certbot certonly --manual
  8. LET’S ENCRYPT STEP 3: SET UP YOUR APP & VALIDATE URL
    ▸ Configure your new route
    ▸ Add a LETSENCRYPT key to your config file:
    ▸ heroku config:set LETSENCRYPT=(value) -r production
    ▸ Add a controller method
  9. LET’S ENCRYPT STEP 4: ADD THE CERT TO YOUR HEROKU APP
    ▸ heroku addons:create ssl:endpoint -r production
    ▸ sudo heroku certs:update /etc/letsencrypt/live/www.omeowha.com/fullchain.pem /etc/letsencrypt/live/www.omeowha.com/privkey.pem -r production
    ▸ Edit your DNS using the new value.
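
The route, LETSENCRYPT config value and controller method from step 3, sketched as an added example that is not code from the deck. It assumes LETSENCRYPT holds the "<token>.<thumbprint>" string that certbot's manual mode asks you to serve; `acme_challenge_app` and `plain` are hypothetical names, and the handler is written as a plain Rack-style lambda so it runs without any gems.

```ruby
# Added example (not from the deck): Rack-style responder for the ACME HTTP-01 check.
# Assumption: LETSENCRYPT holds the "<token>.<thumbprint>" string that
# `certbot certonly --manual` asks you to serve.

CHALLENGE_PREFIX = '/.well-known/acme-challenge/'
# Both halves are base64url text; anything else is treated as unconfigured.
KEY_AUTH_FORMAT = /\A([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\z/

def plain(status, body)
  [status, { 'content-type' => 'text/plain' }, [body]]
end

# Hypothetical helper: returns a lambda taking a Rack env hash and
# returning [status, headers, body].
def acme_challenge_app(key_authorization = ENV['LETSENCRYPT'])
  match = KEY_AUTH_FORMAT.match(key_authorization.to_s.strip)
  expected_path = match && (CHALLENGE_PREFIX + match[1])

  lambda do |env|
    # Missing or malformed config value: fail closed instead of serving junk.
    return plain(404, "not found\n") unless expected_path
    # Exact path match only, so no caller-supplied token is ever echoed back.
    return plain(404, "not found\n") unless env['PATH_INFO'] == expected_path
    return plain(405, "method not allowed\n") unless %w[GET HEAD].include?(env['REQUEST_METHOD'])

    plain(200, match[0])
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample value, not a real challenge.
  app = acme_challenge_app('constructedToken_123.constructedThumbprint_456')
  [
    ['GET',  '/.well-known/acme-challenge/constructedToken_123'],
    ['GET',  '/.well-known/acme-challenge/somethingElse'],
    ['POST', '/.well-known/acme-challenge/constructedToken_123']
  ].each do |verb, path|
    status, _headers, body = app.call('REQUEST_METHOD' => verb, 'PATH_INFO' => path)
    puts "#{verb} #{path} -> #{status} #{body.first.strip}"
  end
end
```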