Let's Encrypt!

A brief introduction to Let's Encrypt, by Hugo Peixoto

Porto Codes

April 20, 2016
Transcript

  1. 10.

    [Diagram: the site administrator owns a private key and a public key; the certificate carries Domain, Subject, Subject public key, Issuer and Signature; the HTTPS server presents it to the User Agent (browser).]
  2. 11.

    [Diagram, continued: the CA's own private key and public key are added.]
  3. 12.

    [Diagram, continued: the CA's certificate (Subject, Subject public key, Issuer, Signature) is added next to the site certificate.]
  4. 13.

    [Diagram unchanged from slide 12, with a further entity clipped at the edge of the slide.]
  5. 14.

    [Diagram unchanged from slide 12.]
  6. 15.

    [Diagram unchanged from slide 12.]
  7. 16.

    [Diagram unchanged from slide 12.]
  8. 18.

    Client sends a request to the certificate authority with:
    - Domain name to validate
    - Public key
    - Validation method
  9. 19.

    Certificate Authority replies with a challenge token
  10. 20.

    Client sets up the validation method with the given token
  11. 21.

    Client notifies the authority
  12. 22.

    Certificate Authority validates the domain name
  13. 23.

    If successful, sends back a certificate to the client for the validated domain
  16. 30.

    FAQ

  17. 31.

    FAQ
    • Wildcard certificate support?
      ◦ Validation is a bit harder, not supported by the spec yet.
    • Mitigation against MITM in the validation step?
      ◦ ACME spec recommends checking the connection from multiple vantage points to reduce this risk
    • nginx support?
      ◦ Currently in experimental phase
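As an added example (not from the talk), the challenge flow of slides 18-23 together with the multi-vantage-point check from the FAQ, simulated in Python: the CA, the client and the HTTPS server are in-process toys, the token is published under the `/.well-known/acme-challenge/` path that ACME's HTTP challenge uses, and an HMAC stands in for a real signature.

```python
import hashlib
import hmac
import secrets

CHALLENGE_PATH = "/.well-known/acme-challenge/"  # path used by ACME's HTTP challenge


class CertificateAuthority:
    """Toy CA: hands out a challenge token, checks it from several vantage points, issues a cert."""

    def __init__(self, name, vantage_points):
        self.name = name
        self.key = secrets.token_bytes(32)     # stand-in for the CA's private key (toy, not real PKI)
        self.vantage_points = vantage_points   # each is domain -> {path: body} as seen from that point
        self.pending = {}

    def new_order(self, domain, public_key, method):
        if method != "http":
            raise ValueError("only the HTTP validation method is modelled here")
        token = secrets.token_urlsafe(16)      # slide 19: CA replies with a challenge token
        self.pending[token] = (domain, public_key)
        return token

    def validate(self, token):
        domain, public_key = self.pending.pop(token)
        # Slide 22 / FAQ: every vantage point must see the token at the challenge path.
        # A single view that does not reach the real server fails the whole order.
        for view in self.vantage_points:
            if view.get(domain, {}).get(CHALLENGE_PATH + token) != token:
                return None
        return self.issue(domain, public_key)

    def issue(self, domain, public_key):
        cert = {"subject": domain, "subject_public_key": public_key, "issuer": self.name}
        blob = "|".join(cert[k] for k in ("subject", "subject_public_key", "issuer")).encode()
        cert["signature"] = hmac.new(self.key, blob, hashlib.sha256).hexdigest()  # toy signature
        return cert


def request_certificate(ca, domain, public_key, server):
    """Client side of slides 18-23: order, set up the challenge on the server, notify the CA."""
    token = ca.new_order(domain, public_key, "http")
    server.setdefault(domain, {})[CHALLENGE_PATH + token] = token   # slide 20: set up validation
    return ca.validate(token)                                       # slide 21: notify the authority


def demo(tampered=False):
    server = {}                                  # the site administrator's HTTPS server content
    other_view = {} if tampered else server      # a vantage point that may not reach the real server
    ca = CertificateAuthority("Toy CA", [server, server, other_view])
    return request_certificate(ca, "example.com", "pubkey-of-example.com", server)
```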