SlideShare ist ein Scribd-Unternehmen logo

Lets Encrypt!

Als PPTX, PDF herunterladen
Joerg Henning
Joerg Henning

Quick intro to Let's Encrypt! (https://letsencrypt.org/) I gave to the Singapore PHP Users Group.

Technologie
1 von 14
Let's Encrypt SSL Certificates without the pain
@joerghenning
SSL certificate orders/renewals so far Generate RSA key Generate CSR Log in to CA's web horrible interface Fill out certificate order form Pay a lot of money Verify domain
Let's Encrypt https://letsencrypt.org/ "free, automated, and open certificate authority (CA), run for the public’s benefit" [https://letsencrypt.org/about/] Provided by ISRG - Internet Security Research Group (California based Non-Profit) Sponsored by Mozilla, Akamai, Cisco, EFF, OVH, Facebook, Chrome, etc. Mission: reduce technological & financial barriers to secure internet communication
What does it do? Still with Key, CSR, Domain verification, get certificate It's automated It's free
How does it work? ● ACME protocol: https://ietf-wg-acme.github.io/acme/ ● Specifies mostly the process of domain verification ● What we need to know: https://letsencrypt.org/how-it-works/ ● Server admin is identified by key pair ● CA issues challenges to authorize key pair, e.g. ○ DNS record ○ File on server
Pitfalls User running letsencrypt must have write access to web server root Make sure dot-files are accessible Challenge path: https://my-domain.com/.well-known/acme- challenge/jd1o3ddZXTYbjwUHvRnQOECZToSY-BKxyd6LdFgjvOg server { listen 80; # don't do this location ~ ^/. { deny all; } }
Certificates ● Root CA: ISRG Root X1 ● Intermediates: ○ Let’s Encrypt Authority X1 (not widely supported yet) ○ Let’s Encrypt Authority X2 (recovery) ● Cross signed by IdenTrust (DST Root CA X3), widely supported ● Issues certs: https://www.certificate-transparency.org ● Searchable: https://crt.sh/
Client Support Yep: Android > 2.3.6 Firefox > 2.0, Firefox OS > 2.2 Windows: IE, Chrome Safari > 4.0, iOS > 3.1 Linux: Debian > 6, Ubuntu > 12.04, CentOS ? Quickly tested: Node.js, PHP Nope: Java as of jdk8u51 (applied for) Older Androids Windows XP Blackberry
Rate Limits According to https://community.letsencrypt.org/t/rate-limits-for-lets-encrypt/6769 Domains per certificate: 100 Certificates per domain: 5 certs/domain/week Registrations per IP: 500/3hrs For testing/development: use staging env (--test-cert, --staging) No limits on total number of certificates
Integrations Apache installer (haven't tried) Caddy Server Express middleware Fully automated SSL FTW!
Why should I use it? Less work - makes you happy It's free - makes your boss/client happy It's encrypted - makes your users safer It's automated - makes DevOps people happy
Limitations No love for: Windows XP Java No wildcards Only domain validated! i.e. 🔒https://paypal-service-evil-hackers.net

Empfohlen

ACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyGabriell Nascimento
 
Let's Encrypt + DANE
Let's Encrypt + DANELet's Encrypt + DANE
Let's Encrypt + DANEDeploy360 Programme (Internet Society)
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud SecurityAWS Riyadh User Group
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to siteMostafa El Lathy
 
16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy concept16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy conceptMostafa El Lathy
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting StartedTaswar Bhatti
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxdeepikakumari643428
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 

Empfohlen

ACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyACME and Let's Encrypt: HTTPS made easy
ACME and Let's Encrypt: HTTPS made easyGabriell Nascimento
 
Let's Encrypt + DANE
Let's Encrypt + DANELet's Encrypt + DANE
Let's Encrypt + DANEDeploy360 Programme (Internet Society)
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud SecurityAWS Riyadh User Group
 
20 palo alto site to site
20 palo alto site to site20 palo alto site to site
20 palo alto site to siteMostafa El Lathy
 
16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy concept16 palo alto ssl decryption policy concept
16 palo alto ssl decryption policy conceptMostafa El Lathy
 
Azure Key Vault - Getting Started
Azure Key Vault - Getting StartedAzure Key Vault - Getting Started
Azure Key Vault - Getting StartedTaswar Bhatti
 
iOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxiOS Application Static Analysis - Deepika Kumari.pptx
iOS Application Static Analysis - Deepika Kumari.pptxdeepikakumari643428
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower securityShiu-Fun Poon
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint LLC
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesJaroslavChmurny
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
12 palo alto app-id concept
12 palo alto app-id concept12 palo alto app-id concept
12 palo alto app-id conceptMostafa El Lathy
 
SSL/TLS 1.3 Deep Dive
SSL/TLS 1.3 Deep Dive SSL/TLS 1.3 Deep Dive
SSL/TLS 1.3 Deep Dive Solutions Architect
 
Microservices Security
Microservices SecurityMicroservices Security
Microservices SecurityAditi Anand
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultTom Kerkhove
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security PlatformPituphong Yavirach
 
Secure SHell
Secure SHellSecure SHell
Secure SHellÇağrı Çakır
 
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...Andrejs Vorobjovs
 
320.1-Cryptography
320.1-Cryptography320.1-Cryptography
320.1-Cryptographybehrad eslamifar
 

Weitere ähnliche Inhalte

Was ist angesagt?

APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower securityShiu-Fun Poon
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint LLC
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key ManagementAnthony Ikeda
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesJaroslavChmurny
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
12 palo alto app-id concept
12 palo alto app-id concept12 palo alto app-id concept
12 palo alto app-id conceptMostafa El Lathy
 
Microservices Security
Microservices SecurityMicroservices Security
Microservices SecurityAditi Anand
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces conceptsMostafa El Lathy
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultTom Kerkhove
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to VaultKnoldus Inc.
 

Was ist angesagt? (20)

APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower security
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:
 
Forcepoint Advanced Malware Detection
Forcepoint Advanced Malware DetectionForcepoint Advanced Malware Detection
Forcepoint Advanced Malware Detection
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security Overview
 
12 palo alto app-id concept
12 palo alto app-id concept12 palo alto app-id concept
12 palo alto app-id concept
 
SSL/TLS 1.3 Deep Dive
SSL/TLS 1.3 Deep Dive SSL/TLS 1.3 Deep Dive
SSL/TLS 1.3 Deep Dive
 
Microservices Security
Microservices SecurityMicroservices Security
Microservices Security
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)How to create a User Defined Policy with IBM APIc (v10)
How to create a User Defined Policy with IBM APIc (v10)
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
Introduction to Vault
Introduction to VaultIntroduction to Vault
Introduction to Vault
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 

Ähnlich wie Lets Encrypt!

OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...Andrejs Vorobjovs
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
 
Demystfying secure certs
Demystfying secure certsDemystfying secure certs
Demystfying secure certsGary Williams
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiYossi Sassi
 
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB
 
SSL State of the Union
SSL State of the UnionSSL State of the Union
SSL State of the UnionSander Temme
 
It's a Dangerous World
It's a Dangerous World It's a Dangerous World
It's a Dangerous World MongoDB
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Toni de la Fuente
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/MinAdvanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/MinMasahiro Nagano
 
Seattle C* Meetup: Hardening cassandra for compliance or paranoia
Seattle C* Meetup: Hardening cassandra for compliance or paranoiaSeattle C* Meetup: Hardening cassandra for compliance or paranoia
Seattle C* Meetup: Hardening cassandra for compliance or paranoiazznate
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the CloudAmazon Web Services
 

Ähnlich wie Lets Encrypt! (20)

OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
OTN tour 2015 Experience in implementing SSL between oracle db and oracle cli...
 
320.1-Cryptography
320.1-Cryptography320.1-Cryptography
320.1-Cryptography
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
 
Demystfying secure certs
Demystfying secure certsDemystfying secure certs
Demystfying secure certs
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Let's encrypt
Let's encryptLet's encrypt
Let's encrypt
 
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
 
SSL State of the Union
SSL State of the UnionSSL State of the Union
SSL State of the Union
 
It's a Dangerous World
It's a Dangerous World It's a Dangerous World
It's a Dangerous World
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Information Security Engineering
Information Security EngineeringInformation Security Engineering
Information Security Engineering
 
Tech t18
Tech t18Tech t18
Tech t18
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/MinAdvanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
Advanced nginx in mercari - How to handle over 1,200,000 HTTPS Reqs/Min
 
Seattle C* Meetup: Hardening cassandra for compliance or paranoia
Seattle C* Meetup: Hardening cassandra for compliance or paranoiaSeattle C* Meetup: Hardening cassandra for compliance or paranoia
Seattle C* Meetup: Hardening cassandra for compliance or paranoia
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the Cloud
 

Kürzlich hochgeladen

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Kürzlich hochgeladen (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

Lets Encrypt!

  • 3. SSL certificate orders/renewals so far Generate RSA key Generate CSR Log in to CA's web horrible interface Fill out certificate order form Pay a lot of money Verify domain
  • 4. Let's Encrypt https://letsencrypt.org/ "free, automated, and open certificate authority (CA), run for the public’s benefit" [https://letsencrypt.org/about/] Provided by ISRG - Internet Security Research Group (California based Non-Profit) Sponsored by Mozilla, Akamai, Cisco, EFF, OVH, Facebook, Chrome, etc. Mission: reduce technological & financial barriers to secure internet communication
  • 5.
  • 6. What does it do? Still with Key, CSR, Domain verification, get certificate It's automated It's free
  • 7. How does it work? ● ACME protocol: https://ietf-wg-acme.github.io/acme/ ● Specifies mostly the process of domain verification ● What we need to know: https://letsencrypt.org/how-it-works/ ● Server admin is identified by key pair ● CA issues challenges to authorize key pair, e.g. ○ DNS record ○ File on server
  • 8. Pitfalls User running letsencrypt must have write access to web server root Make sure dot-files are accessible Challenge path: https://my-domain.com/.well-known/acme- challenge/jd1o3ddZXTYbjwUHvRnQOECZToSY-BKxyd6LdFgjvOg server { listen 80; # don't do this location ~ ^/. { deny all; } }
  • 9. Certificates ● Root CA: ISRG Root X1 ● Intermediates: ○ Let’s Encrypt Authority X1 (not widely supported yet) ○ Let’s Encrypt Authority X2 (recovery) ● Cross signed by IdenTrust (DST Root CA X3), widely supported ● Issues certs: https://www.certificate-transparency.org ● Searchable: https://crt.sh/
  • 10. Client Support Yep: Android > 2.3.6 Firefox > 2.0, Firefox OS > 2.2 Windows: IE, Chrome Safari > 4.0, iOS > 3.1 Linux: Debian > 6, Ubuntu > 12.04, CentOS ? Quickly tested: Node.js, PHP Nope: Java as of jdk8u51 (applied for) Older Androids Windows XP Blackberry
  • 11. Rate Limits According to https://community.letsencrypt.org/t/rate-limits-for-lets-encrypt/6769 Domains per certificate: 100 Certificates per domain: 5 certs/domain/week Registrations per IP: 500/3hrs For testing/development: use staging env (--test-cert, --staging) No limits on total number of certificates
  • 12. Integrations Apache installer (haven't tried) Caddy Server Express middleware Fully automated SSL FTW!
  • 13. Why should I use it? Less work - makes you happy It's free - makes your boss/client happy It's encrypted - makes your users safer It's automated - makes DevOps people happy
  • 14. Limitations No love for: Windows XP Java No wildcards Only domain validated! i.e. 🔒https://paypal-service-evil-hackers.net

Hinweis der Redaktion

  1. TODO: Browser support, wildcards, limitations (only domain validated certs!)
  2. Caddy (live demo?: not localhost or IP port not 80 scheme is not http TLS is not turned off Certificates and keys are not provided Caddy able to bind to 80 and 443 Get caddy: https://github.com/mholt/caddy/releases Caddyfile: jhenning.me gzip browse ext .html log ./access.log Start caddy Done!
  3. https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394