Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tales from the Let's Encrypt

2ccd8593c0f2ac6c9b91ee79bff5b63f?s=47 Beth Haubert
August 16, 2016
Programming
0
49

Tales from the Let's Encrypt

2ccd8593c0f2ac6c9b91ee79bff5b63f?s=128

Beth Haubert

August 16, 2016
Tweet

More Decks by Beth Haubert

See All by Beth Haubert
2ccd8593c0f2ac6c9b91ee79bff5b63f?s=48 bethanyhaubert
1
360
2ccd8593c0f2ac6c9b91ee79bff5b63f?s=48 bethanyhaubert
1
100

Other Decks in Programming

See All in Programming
4782d92d3deeb4ab527ba6f867bf07c3?s=48 mizdra
7
4.9k
5c588fdfe782f92fa6b081903edd82bb?s=48 hr01
0
1.6k
5d8df7ad959b5b34fd68d715974c4e46?s=48 chichou
1
870
7975b9fd58c8945ae1c6b38747de7f28?s=48 line_developers_tw2
0
300
3cfad86677c5966ecfe9b81955fa3489?s=48 inoue2002
0
280
3931098ae486b6df619050c63e24f6cc?s=48 osyo
1
370
7975b9fd58c8945ae1c6b38747de7f28?s=48 line_developers_tw2
0
830
Cb88f765dd38cd942c39aacb5abbea06?s=48 ufoo68
1
180
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
280
1821636ac95415aa6e84bc33b394283d?s=48 tommykw
1
370
8aebb410308ec2c655550798e92cd2df?s=48 ken3ypa
0
160
3f309c992e2b1a5c3c014e63810a2f68?s=48 viteinfinite
0
210

Featured

See All Featured
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
30
3.3k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
66
3k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
13
1.6k
7c8469ee8c9e594c65c59b919626c08d?s=48 scottboms
251
11k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
116
4.8k
E13c31390e0369fcd5972292ce0e7b92?s=48 jnunemaker
PRO
40
4.6k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
260
11k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
294
39k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
52
2.8k
C157b16234f1e75e8eac3698c1d4414a?s=48 ddemaree
274
31k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
267
17k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
168
7.2k

Transcript

  1. TALES FROM LET’S ENCRYPT BETH HAUBERT LET’S EN BETH HAUBERT

    PRESENTS

  2. TABLE OF CONTENTS ‣ SSL OVERVIEW ‣ HOW TO GET

    A CERTIFICATE ‣ LET’S ENCRYPT!

  3. SECURE SOCKETS LAYER (SSL)

  4. SSL OVERVIEW • So that customers trust that a site

    is secure and that their information won’t get stolen in transit from their browser to the server. • The need for encryption is becoming the rule, not the exception as web interaction become more complex. WHY DO YOU WANT SSL?

  5. SSL OVERVIEW • A layer of encryption is added between

    the client and the server. • This encryption uses private/ public keys and certificates that contain important info about the organization that owns the site. • A trusted third party (like Digicert or Verisign) validates the identity of the certificate and server. HOW SSL WORKS

  6. SSL OVERVIEW • A text file with encrypted data that

    you install on your server WHAT IS AN SSL CERTIFICATE

  7. HOW TO GET A CERTIFICATE

  8. HOW TO GET A CERTIFICATE • Fill out a CSR

    (certificate signing request) • Send it to a certificate authority (CA) • If you’ve submitted the correct info, the CA will validate your domain and other info • Receive and install the issued certificate GET THAT CERT!

  9. LET’S ENCRYPT! (WHAT IS IT?)

  10. LET’S ENCRYPT • Let’s Encrypt is a Certificate Authority (CA)

    • It’s free, which is awesome GET THAT CERT!

  11. LET’S ENCRYPT • https://letsencrypt.org/docs/client-options/ SO MANY CLIENTS

  12. ADDING LET’S ENCRYPT TO A RAILS APP ON A HEROKU

    SERVER

  13. LET’S ENCRYPT STEP 1: GET THE CLIENT RUNNING ▸ brew

    install certbot ▸ sudo certbot certonly --manual

  14. LET’S ENCRYPT STEP 2: ▸ Follow the prompts until you

    see this:

  15. LET’S ENCRYPT STEP 3: SET UP YOUR APP & VALIDATE

    URL ▸ Configure your new route ▸ Add a LETSENCRYPT key to your config file: ▸ heroku config:set LETSENCRYPT=(value) -r production ▸ Add a controller method

  16. LET’S ENCRYPT STEP 4: ADD THE CERT TO YOUR HEROKU

    APP ▸ heroku addons:create ssl:endpoint -r production ▸ sudo heroku certs:update /etc/letsencrypt/live/ www.omeowha.com/fullchain.pem /etc/letsencrypt/live/ www.omeowha.com/privkey.pem -r production ▸ Edit your DNS using the new value.

  17. https://letsencrypt.org/ getting-started/ http://collectiveidea.com/ blog/archives/2016/01/12/ lets-encrypt-with-a-rails- app-on-heroku/ https://opensource.com/ business/16/8/lets-encrypt