SlideShare uma empresa Scribd logo

Let's Encrypt!

Drew Fustini
Drew Fustini

Secure Your Website with free SSL cert from Let's Encrypt! (for 300 Seconds of Fame at lightning talk at Chicago hackerspace Pumping Station: One)

Tecnologia
1 de 28
Baixar para ler offline
300 Seconds of Fame: November 2015 Drew Fustini @pdp7
● Free ● Automated ● Open New Certificate Authority:
● As of October 2015, certificates are now: Trusted by all major browsers ● Beta Participation Request
● Federal 501(c)(3) Non-Profit ● Mission: reduce financial, technological, and education barriers to secure communication over the Internet ● Board members from: EFF, Stanford Law, CoreOS, Akamai, Cisco, University of Michigan Internet Security Research Group
● Client Software: Let's Encrypt is a Python-based utility that works alongside Apache to automatically obtain a certificate and convert a website to HTTPS. ● Server-side CA Software: Boulder is the primary Let’s Encrypt CA implementation. It’s based on the ACME protocol, and written primarily in Go.
● Let’s Encrypt CA talks to certificate management software running on web servers ● Protocol for this is called ACME: Automated Certificate Management Environment ● Draft Specification – Will be proposed to IETF to make it open standard ACME Protocol
Domain Validation
Domain Validation
Certificate Issuance and Revocation
● Your certificate and chain have been saved at: /etc/letsencrypt/live/pdp7.com/fullchain.pem ● Your cert will expire on: 2016­02­07 ● To obtain a new version of the certificate in the future, simply run Let's Encrypt again. ● Your account credentials have been saved in your Let's Encrypt configuration directory at: /etc/letsencrypt ● You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal.
● My pdp7.com hosted by Debian 8.2 server on DigitalOcean ● Apache SSL Config file:    /etc/apache2/sites­enabled/default­ssl.conf     <IfModule mod_ssl.c>         <VirtualHost *:443>             SSLEngine on             SSLProtocol             all ­SSLv2 ­SSLv3             SSLCipherSuite          ECDHE­RSA­AES128­GCM­SHA256:ECDHE­ECDSA­AES12             SSLHonorCipherOrder     on             SSLCompression          off             SSLCertificateFile /etc/letsencrypt/live/pdp7.com/fullchain.pem             SSLCertificateKeyFile /etc/letsencrypt/live/pdp7.com/privkey.pem             ServerSignature Off             AcceptPathInfo Off             AddOutputFilterByType DEFLATE text/html text/plain text/xml applicati             AddDefaultCharset UTF­8             SSLOptions +StrictRequire             ServerAdmin admin@pdp7.com             ServerName pdp7.com             DocumentRoot /var/www/html             ErrorLog ${APACHE_LOG_DIR}/error.log             LogLevel warn             CustomLog ${APACHE_LOG_DIR}/access.log combined             LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User­agent}i              LogFormat "%v %h %l %u %t "%r" %>s %b" vhost_common         </VirtualHost>     </IfModule>
Why 90-day lifetimes for certs? ● 90 days is nothing new on the Web ● 29% of TLS transactions use 90-day certs (per Firefox Telemetry) ● Limit damage of key compromise & mis- issuance ● Encourage automation, which is essential for ease-of-use
Get Involved ● All code & protocol specifications are on GitHub ● Client software development mailing list ● CA software development mailing list ● ACME protocol dev IETF mailing list ● Community Support Forum (Discourse)

Recomendados

Lets Encrypt!
Lets Encrypt!Lets Encrypt!
Lets Encrypt!
Joerg Henning
 
ACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easy
Gabriell Nascimento
 
Demystfying secure certs
Demystfying secure certsDemystfying secure certs
Demystfying secure certs
Gary Williams
 
Nginx - The webserver you might actually like
Nginx - The webserver you might actually likeNginx - The webserver you might actually like
Nginx - The webserver you might actually like
Edorian
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
CheapSSLsecurity
 
Issuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultIssuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vault
OlinData
 
Types of ssl commands and keytool
Types of ssl commands and keytoolTypes of ssl commands and keytool
Types of ssl commands and keytool
CheapSSLsecurity
 
Converting you website to https
Converting you website to httpsConverting you website to https
Converting you website to https
Peter Salerno
 

Recomendados

Lets Encrypt!
Lets Encrypt!Lets Encrypt!
Lets Encrypt!
Joerg Henning
 
ACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easy
Gabriell Nascimento
 
Demystfying secure certs
Demystfying secure certsDemystfying secure certs
Demystfying secure certs
Gary Williams
 
Nginx - The webserver you might actually like
Nginx - The webserver you might actually likeNginx - The webserver you might actually like
Nginx - The webserver you might actually like
Edorian
 
Various Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and KeytoolVarious Types of OpenSSL Commands and Keytool
Various Types of OpenSSL Commands and Keytool
CheapSSLsecurity
 
Issuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vaultIssuing temporary credentials for my sql using hashicorp vault
Issuing temporary credentials for my sql using hashicorp vault
OlinData
 
Types of ssl commands and keytool
Types of ssl commands and keytoolTypes of ssl commands and keytool
Types of ssl commands and keytool
CheapSSLsecurity
 
Converting you website to https
Converting you website to httpsConverting you website to https
Converting you website to https
Peter Salerno
 
Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
Shrey Agarwal
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Jeff Horwitz
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
Alex Schoof
 
ModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEAModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEA
NGINX, Inc.
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Outlyer
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy Tales
OVHcloud
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
Anthony Ikeda
 
KTC Profile-august
KTC Profile-augustKTC Profile-august
KTC Profile-august
KTC Host
 
Vault 101
Vault 101Vault 101
Vault 101
Hazzim Anaya
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
Akeyless
 
Nginx internals
Nginx internalsNginx internals
Nginx internals
liqiang xu
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
Mayank Patel
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp Vault
Mitchell Pronschinske
 
Nessus and Reporting Karma
Nessus and Reporting KarmaNessus and Reporting Karma
Nessus and Reporting Karma
n|u - The Open Security Community
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
VEXXHOST Private Cloud
 
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
IT Tech
 
SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE
Dr Anjan Krishnamurthy
 
HashiTLS Demystifying Security Certs
HashiTLS Demystifying Security CertsHashiTLS Demystifying Security Certs
HashiTLS Demystifying Security Certs
Mitchell Pronschinske
 
id.net APIs for Hosts
id.net APIs for Hostsid.net APIs for Hosts
id.net APIs for Hosts
Edwin J.
 
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPSEWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
Rob Tweed
 
How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7
VCP Muthukrishna
 

Mais conteúdo relacionado

Mais procurados

MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
 
KTC Profile-august
KTC Profile-augustKTC Profile-august
KTC Profile-august
KTC Host
 
Nginx internals
Nginx internalsNginx internals
Nginx internals
liqiang xu
 

Mais procurados (20)

Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
 
ModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEAModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEA
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy Tales
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
KTC Profile-august
KTC Profile-augustKTC Profile-august
KTC Profile-august
 
Vault 101
Vault 101Vault 101
Vault 101
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
Nginx internals
Nginx internalsNginx internals
Nginx internals
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp Vault
 
Nessus and Reporting Karma
Nessus and Reporting KarmaNessus and Reporting Karma
Nessus and Reporting Karma
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
 
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
 
SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE
 
HashiTLS Demystifying Security Certs
HashiTLS Demystifying Security CertsHashiTLS Demystifying Security Certs
HashiTLS Demystifying Security Certs
 
id.net APIs for Hosts
id.net APIs for Hostsid.net APIs for Hosts
id.net APIs for Hosts
 

Semelhante a Let's Encrypt!

E gov security_tut_session_4_lab
E gov security_tut_session_4_labE gov security_tut_session_4_lab
E gov security_tut_session_4_lab
Mustafa Jarrar
 
Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)
Conrad Cruz
 

Semelhante a Let's Encrypt! (20)

EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPSEWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
 
How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7
 
E gov security_tut_session_4_lab
E gov security_tut_session_4_labE gov security_tut_session_4_lab
E gov security_tut_session_4_lab
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
 
Configuration of Self Signed SSL Certificate For CentOS 8
Configuration of Self Signed SSL Certificate For CentOS 8Configuration of Self Signed SSL Certificate For CentOS 8
Configuration of Self Signed SSL Certificate For CentOS 8
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014
 
Apache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validationsApache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validations
 
320.1-Cryptography
320.1-Cryptography320.1-Cryptography
320.1-Cryptography
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
 
Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
Rhel5
Rhel5Rhel5
Rhel5
 
21 05-2018
21 05-201821 05-2018
21 05-2018
 
Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)
 

Mais de Drew Fustini

Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Drew Fustini
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
Drew Fustini
 
Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)
Drew Fustini
 
How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)
Drew Fustini
 
Berlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-VBerlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-V
Drew Fustini
 
How to run Linux on RISC-V
How to run Linux on RISC-VHow to run Linux on RISC-V
How to run Linux on RISC-V
Drew Fustini
 
Open Source Hardware and Libre Silicon
Open Source Hardware and Libre SiliconOpen Source Hardware and Libre Silicon
Open Source Hardware and Libre Silicon
Drew Fustini
 

Mais de Drew Fustini (20)

Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
 
Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)
 
Linux on RISC-V
Linux on RISC-VLinux on RISC-V
Linux on RISC-V
 
How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)
 
Linux on RISC-V
Linux on RISC-VLinux on RISC-V
Linux on RISC-V
 
For the Love of Tux: Linux on RISC-V
For the Love of Tux: Linux on RISC-VFor the Love of Tux: Linux on RISC-V
For the Love of Tux: Linux on RISC-V
 
Berlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-VBerlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-V
 
How to run Linux on RISC-V
How to run Linux on RISC-VHow to run Linux on RISC-V
How to run Linux on RISC-V
 
FPGA Badge Hack: Linux on RISC-V
FPGA Badge Hack: Linux on RISC-VFPGA Badge Hack: Linux on RISC-V
FPGA Badge Hack: Linux on RISC-V
 
RISC-V and open source chip design
RISC-V and open source chip designRISC-V and open source chip design
RISC-V and open source chip design
 
Introduction to Open Source Hardware, OSHWA and Open Hardware Summit
Introduction to Open Source Hardware, OSHWA and Open Hardware SummitIntroduction to Open Source Hardware, OSHWA and Open Hardware Summit
Introduction to Open Source Hardware, OSHWA and Open Hardware Summit
 
Linux on Open Source Hardware with Open Source chip design (36c3)
Linux on Open Source Hardware with Open Source chip design (36c3)Linux on Open Source Hardware with Open Source chip design (36c3)
Linux on Open Source Hardware with Open Source chip design (36c3)
 
Open Source Hardware, Linux and RISC-V
Open Source Hardware, Linux and RISC-VOpen Source Hardware, Linux and RISC-V
Open Source Hardware, Linux and RISC-V
 
Open Source Hardware for Good
Open Source Hardware for GoodOpen Source Hardware for Good
Open Source Hardware for Good
 
Autodesk EAGLE and OSH Park
Autodesk EAGLE and OSH ParkAutodesk EAGLE and OSH Park
Autodesk EAGLE and OSH Park
 
BeagleBone Blue at Maker Faire 2017
BeagleBone Blue at Maker Faire 2017BeagleBone Blue at Maker Faire 2017
BeagleBone Blue at Maker Faire 2017
 
Open Source Hardware and Libre Silicon
Open Source Hardware and Libre SiliconOpen Source Hardware and Libre Silicon
Open Source Hardware and Libre Silicon
 
Intro to Open Source Hardware (OSHW)
Intro to Open Source Hardware (OSHW)Intro to Open Source Hardware (OSHW)
Intro to Open Source Hardware (OSHW)
 
Portland Science Hack Day: Open Source Hardware
Portland Science Hack Day: Open Source HardwarePortland Science Hack Day: Open Source Hardware
Portland Science Hack Day: Open Source Hardware
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 

Último (20)

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Let's Encrypt!

  • 1. 300 Seconds of Fame: November 2015 Drew Fustini @pdp7
  • 2.
  • 3. ● Free ● Automated ● Open New Certificate Authority:
  • 4. ● As of October 2015, certificates are now: Trusted by all major browsers ● Beta Participation Request
  • 5.
  • 6. ● Federal 501(c)(3) Non-Profit ● Mission: reduce financial, technological, and education barriers to secure communication over the Internet ● Board members from: EFF, Stanford Law, CoreOS, Akamai, Cisco, University of Michigan Internet Security Research Group
  • 7.
  • 8. ● Client Software: Let's Encrypt is a Python-based utility that works alongside Apache to automatically obtain a certificate and convert a website to HTTPS. ● Server-side CA Software: Boulder is the primary Let’s Encrypt CA implementation. It’s based on the ACME protocol, and written primarily in Go.
  • 9. ● Let’s Encrypt CA talks to certificate management software running on web servers ● Protocol for this is called ACME: Automated Certificate Management Environment ● Draft Specification – Will be proposed to IETF to make it open standard ACME Protocol
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19. ● Your certificate and chain have been saved at: /etc/letsencrypt/live/pdp7.com/fullchain.pem ● Your cert will expire on: 2016­02­07 ● To obtain a new version of the certificate in the future, simply run Let's Encrypt again. ● Your account credentials have been saved in your Let's Encrypt configuration directory at: /etc/letsencrypt ● You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal.
  • 20. ● My pdp7.com hosted by Debian 8.2 server on DigitalOcean ● Apache SSL Config file:    /etc/apache2/sites­enabled/default­ssl.conf     <IfModule mod_ssl.c>         <VirtualHost *:443>             SSLEngine on             SSLProtocol             all ­SSLv2 ­SSLv3             SSLCipherSuite          ECDHE­RSA­AES128­GCM­SHA256:ECDHE­ECDSA­AES12             SSLHonorCipherOrder     on             SSLCompression          off             SSLCertificateFile /etc/letsencrypt/live/pdp7.com/fullchain.pem             SSLCertificateKeyFile /etc/letsencrypt/live/pdp7.com/privkey.pem             ServerSignature Off             AcceptPathInfo Off             AddOutputFilterByType DEFLATE text/html text/plain text/xml applicati             AddDefaultCharset UTF­8             SSLOptions +StrictRequire             ServerAdmin admin@pdp7.com             ServerName pdp7.com             DocumentRoot /var/www/html             ErrorLog ${APACHE_LOG_DIR}/error.log             LogLevel warn             CustomLog ${APACHE_LOG_DIR}/access.log combined             LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User­agent}i              LogFormat "%v %h %l %u %t "%r" %>s %b" vhost_common         </VirtualHost>     </IfModule>
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27. Why 90-day lifetimes for certs? ● 90 days is nothing new on the Web ● 29% of TLS transactions use 90-day certs (per Firefox Telemetry) ● Limit damage of key compromise & mis- issuance ● Encourage automation, which is essential for ease-of-use
  • 28. Get Involved ● All code & protocol specifications are on GitHub ● Client software development mailing list ● CA software development mailing list ● ACME protocol dev IETF mailing list ● Community Support Forum (Discourse)