Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Let's Encrypt!

Avatar for Porto Codes Porto Codes
April 20, 2016
Programming
0
110

Let's Encrypt!

A brief introduction to Let's Encrypt, by Hugo Peixoto
Avatar for Porto Codes

Porto Codes

April 20, 2016
Tweet

More Decks by Porto Codes

See All by Porto Codes
React Native
Avatar for Porto Codes portocodes
0
75
What is a Digital Nomad
Avatar for Porto Codes portocodes
0
300
Real-time Desktop Capture
Avatar for Porto Codes portocodes
0
350
Introduction to Swift
Avatar for Porto Codes portocodes
0
240
Good ol' PHP
Avatar for Porto Codes portocodes
0
140

Other Decks in Programming

See All in Programming
SwiftDataのカスタムデータストアを試してみた
Avatar for 1mash0 1mash0
0
140
KawaiiLT 登壇資料 キャリアとモチベーション
Avatar for 柊 hiiragi
0
160
設計の本質:コード、システム、そして組織へ / The Essence of Design: To Code, Systems, and Organizations
Avatar for nrs nrslib
10
3.7k
プロフェッショナルとしての成長「問題の深掘り」が導く真のスキルアップ / issue-analysis-and-skill-up
Avatar for MinoDriven minodriven
8
1.9k
プロダクト横断分析に役立つ、事前集計しないサマリーテーブル設計
Avatar for Uchide Hiroki(ucchi-) hanon52_
3
530
ニーリーQAのこれまでとこれから
Avatar for Nealle nealle
2
150
The Evolution of the CRuby Build System
Avatar for Yuta Saito kateinoigakukun
1
760
The New Developer Workflow: How AI Transforms Ideas into Code
Avatar for Daniel Sogl danielsogl
0
100
iOSアプリで測る!名古屋駅までの 方向と距離
Avatar for Ryu-nakayama ryunakayama
0
150
M5UnitUnified 最新動向 2025/05
Avatar for GOB gob
0
120
RuboCop: Modularity and AST Insights
Avatar for Koichi ITO koic
2
2.4k
Cline with Amazon Bedrockで爆速開発体験ハンズオン/ 株式会社ブリューアス登壇資料
Avatar for M.Han mhan
0
110

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
178
53k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
2.9k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
56
9.3k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
205
24k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.3k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.3k
Building an army of robots
Avatar for Kyle Neath kneath
305
45k
Done Done
Avatar for chrislema chrislema
184
16k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
32
5.5k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
49k
Docker and Python
Avatar for Tania Allard trallard
44
3.4k

Transcript

  1. Let’s encrypt! A brief introduction

  2. What Certificate Authority that provides TLS certificates

  3. What Certificate Authority that provides TLS certificates - Free of

    charge

  4. What Certificate Authority that provides TLS certificates - Free of

    charge - No human interaction required

  5. Why HTTPS? • Security

  6. Why HTTPS? • Security • HTTP/2

  7. How does HTTPS work

  8. User Agent (browser) HTTPS server

  9. Owned by the site administrator Private key Public key Domain

    User Agent (browser) HTTPS server

  10. Owned by the site administrator Private key Public key Certificate

    Domain Subject Subject public key Issuer Signature User Agent (browser) HTTPS server

  11. Owned by the CA Owned by the site administrator Private

    key Public key Certificate Domain Subject Subject public key Issuer Signature Private key Public key User Agent (browser) HTTPS server

  12. Owned by the CA Owned by the site administrator Private

    key Public key Certificate Domain Subject Subject public key Issuer Signature Certificate Subject Subject public key Issuer Signature Private key Public key User Agent (browser) HTTPS server

  13. Owned by the CA Owned by the site administrator Private

    key Public key Certificate Domain Subject Subject public key Issuer Signature Certificate Subject Subject public key Issuer Signature Private key Public key User Agent (browser) HTTPS server Ow C Su Su ke Is Si Pr Pu

  14. Owned by the CA Owned by the site administrator Private

    key Public key Certificate Domain Subject Subject public key Issuer Signature Certificate Subject Subject public key Issuer Signature Private key Public key User Agent (browser) HTTPS server

  15. Owned by the CA Owned by the site administrator Private

    key Public key Certificate Domain Subject Subject public key Issuer Signature Certificate Subject Subject public key Issuer Signature Private key Public key User Agent (browser) HTTPS server

  16. Owned by the CA Owned by the site administrator Private

    key Public key Certificate Domain Subject Subject public key Issuer Signature Certificate Subject Subject public key Issuer Signature Private key Public key User Agent (browser) HTTPS server

  17. ACME protocol

  18. Client sends a request to the certificate authority with: -

    Domain name to validate - Public key - Validation method

  19. Client sends a request to the certificate authority with: -

    Domain name to validate - Public key - Validation method Certificate Authority replies with a challenge token

  20. Client sends a request to the certificate authority with: -

    Domain name to validate - Public key - Validation method Certificate Authority replies with a challenge token Client sets up the validation method with the given token

  21. Client sends a request to the certificate authority with: -

    Domain name to validate - Public key - Validation method Certificate Authority replies with a challenge token Client sets up the validation method with the given token Client notifies the authority

  22. Client sends a request to the certificate authority with: -

    Domain name to validate - Public key - Validation method Certificate Authority replies with a challenge token Client sets up the validation method with the given token Client notifies the authority Certificate Authority validates the domain name

  23. Client sends a request to the certificate authority with: -

    Domain name to validate - Public key - Validation method Certificate Authority replies with a challenge token Client sets up the validation method with the given token Client notifies the authority Certificate Authority validates the domain name If successful, sends back a certificate to the client for the validated domain

  24. Validation methods

  25. Validation methods - Simple HTTP request

  26. Validation methods - Simple HTTP request - DNS

  27. Validation methods - Simple HTTP request - DNS - Some

    other stuff, check the spec

  28. Tools

  29. Drawbacks

  30. FAQ

  31. FAQ • Wildcard certificate support? ◦ Validation is a bit

    harder, not supported by the spec yet. • Mitigation against MITM in the validation step? ◦ ACME spec recommends checking the connection from multiple vantage points to reduce this risk • nginx support? ◦ Currently in experimental phase