ACME and Let's Encrypt: HTTPS made easy
•Als PPTX, PDF herunterladen•
3 gefällt mir•823 views
Este slide foi feito para uma apresentação no Papo Reto da Bluesoft. Nesta apresentação eu falo sobre o protocolo ACME (Automated Certificate Management Environment) para automatizar o gerenciamento de certificados para validação de domínio. Falo também sobre o Let's Encrypt, uma CA baseada no protocolo ACME e que será lançada em setembro de 2015.
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (12)
Ähnlich wie ACME and Let's Encrypt: HTTPS made easy
Ähnlich wie ACME and Let's Encrypt: HTTPS made easy (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (9)
ACME and Let's Encrypt: HTTPS made easy
- 1. ACME and Let’s Encrypt HTTPS made easy! Gabriell Nascimento
- 4. HTTPS handshake You’re safe here! Welcome to a secure website. :) https://secure.example.com SSL/TLS versions, chiphersuites and compression SSL/TLS and chiphersuite chosen and server’s certificate Symmetric key
- 5. And what about the certificate?
- 6. And what about the certificate? Tells a lot about who the client is talking to!
- 7. However... Someone must trust that
- 8. That’s a job for the Certificate Authority (CA)!
- 9. The CA ● A trustworthy company ● Issues certificates for another ones (trusts them)
- 10. How to get a certificate 1. Register in the CA 2. Ask for a certificate 3. Install the certificate
- 11. How to get a certificate 1. Register in the CA 2. Ask for a certificate 3. Install the certificate Pretty easy, huh?
- 12. How to get a certificate 1. Register in the CA 2. Ask for a certificate 3. Install the certificate Pretty easy, huh? Hummmm… yeah, except no.
- 13. to the rescue!
- 14. to the rescue! ACME protocol
- 15. ACME protocol ● Automated Certificate Management Environment ● Spec is still a draft (to be proposed as RFC) ● Authors: o Richard Barnes (Mozilla) o Peter Eckersley and Seth Schoen (EFF) o Alex Halderman and James Kasten (University of Michigan)
- 16. “ACME is a protocol for automating the management of domain-validation certificates”
- 17. Certificate issuance 1. Prompts for a domain name 2. Presents list of CAs 3. Operator selects CA Webserver w/ ACME CA 4. Requests certificate 5. Downloads and installs certificate 6. Periodic contacts to keep things up-to-date
- 18. ACME protocol ● A key pair represents the account ● REST ● JSON over HTTPS
- 20. Let’s Encrypt ● A new CA ● Free, automated and open ● ACME based ● Arriving September 2015
- 21. Major sponsors
- 22. Let’s Encrypt ● Certificates cross-signed by IdenTrust ● Standard Domain Validation certificates ● Linux Foundation collaborative project
- 26. What means... $ sudo apt-get install lets-encrypt $ lets-encrypt example.com
- 27. Drawbacks ● No Extended Validation (neither plans for that) ● No wildcard (possibly in the future)
- 29. Thanks!
- 30. References ● https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes- acme.md ● https://letsencrypt.org/howitworks/technology/ ● https://letsencrypt.org/howitworks/ ● https://github.com/letsencrypt/acme-spec ● http://security.stackexchange.com/a/20833 ● http://security.stackexchange.com/a/41318 ● http://robertheaton.com/2014/03/27/how-does-https-actually-work/