Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Let's Encrypt!

Drew Fustini
Drew Fustini

Secure Your Website with free SSL cert from Let's Encrypt! (for 300 Seconds of Fame at lightning talk at Chicago hackerspace Pumping Station: One)

1 of 28
Download to read offline
300 Seconds of Fame: November 2015 Drew Fustini @pdp7
Let's Encrypt!
● Free ● Automated ● Open New Certificate Authority:
● As of October 2015, certificates are now: Trusted by all major browsers ● Beta Participation Request
Let's Encrypt!
● Federal 501(c)(3) Non-Profit ● Mission: reduce financial, technological, and education barriers to secure communication over the Internet ● Board members from: EFF, Stanford Law, CoreOS, Akamai, Cisco, University of Michigan Internet Security Research Group
Let's Encrypt!
● Client Software: Let's Encrypt is a Python-based utility that works alongside Apache to automatically obtain a certificate and convert a website to HTTPS. ● Server-side CA Software: Boulder is the primary Let’s Encrypt CA implementation. It’s based on the ACME protocol, and written primarily in Go.
● Let’s Encrypt CA talks to certificate management software running on web servers ● Protocol for this is called ACME: Automated Certificate Management Environment ● Draft Specification – Will be proposed to IETF to make it open standard ACME Protocol
Domain Validation
Domain Validation
Certificate Issuance and Revocation
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
● Your certificate and chain have been saved at: /etc/letsencrypt/live/pdp7.com/fullchain.pem ● Your cert will expire on: 2016­02­07 ● To obtain a new version of the certificate in the future, simply run Let's Encrypt again. ● Your account credentials have been saved in your Let's Encrypt configuration directory at: /etc/letsencrypt ● You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal.
● My pdp7.com hosted by Debian 8.2 server on DigitalOcean ● Apache SSL Config file:    /etc/apache2/sites­enabled/default­ssl.conf     <IfModule mod_ssl.c>         <VirtualHost *:443>             SSLEngine on             SSLProtocol             all ­SSLv2 ­SSLv3             SSLCipherSuite          ECDHE­RSA­AES128­GCM­SHA256:ECDHE­ECDSA­AES12             SSLHonorCipherOrder     on             SSLCompression          off             SSLCertificateFile /etc/letsencrypt/live/pdp7.com/fullchain.pem             SSLCertificateKeyFile /etc/letsencrypt/live/pdp7.com/privkey.pem             ServerSignature Off             AcceptPathInfo Off             AddOutputFilterByType DEFLATE text/html text/plain text/xml applicati             AddDefaultCharset UTF­8             SSLOptions +StrictRequire             ServerAdmin admin@pdp7.com             ServerName pdp7.com             DocumentRoot /var/www/html             ErrorLog ${APACHE_LOG_DIR}/error.log             LogLevel warn             CustomLog ${APACHE_LOG_DIR}/access.log combined             LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User­agent}i              LogFormat "%v %h %l %u %t "%r" %>s %b" vhost_common         </VirtualHost>     </IfModule>
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
Let's Encrypt!
Why 90-day lifetimes for certs? ● 90 days is nothing new on the Web ● 29% of TLS transactions use 90-day certs (per Firefox Telemetry) ● Limit damage of key compromise & mis- issuance ● Encourage automation, which is essential for ease-of-use
Get Involved ● All code & protocol specifications are on GitHub ● Client software development mailing list ● CA software development mailing list ● ACME protocol dev IETF mailing list ● Community Support Forum (Discourse)

More Related Content

What's hot

Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
Shrey Agarwal
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Jeff Horwitz
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
Alex Schoof
 
ModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEAModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEA
NGINX, Inc.
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
NGINX, Inc.
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Outlyer
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy Tales
OVHcloud
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
Anthony Ikeda
 
KTC Profile-august
KTC Profile-augustKTC Profile-august
KTC Profile-august
KTC Host
 
Vault 101
Vault 101Vault 101
Vault 101
Hazzim Anaya
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
Akeyless
 
Nginx internals
Nginx internalsNginx internals
Nginx internals
liqiang xu
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
Mayank Patel
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp Vault
Mitchell Pronschinske
 
Nessus and Reporting Karma
Nessus and Reporting KarmaNessus and Reporting Karma
Nessus and Reporting Karma
n|u - The Open Security Community
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
VEXXHOST Private Cloud
 
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
IT Tech
 
SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE
Dr Anjan Krishnamurthy
 
HashiTLS Demystifying Security Certs
HashiTLS Demystifying Security CertsHashiTLS Demystifying Security Certs
HashiTLS Demystifying Security Certs
Mitchell Pronschinske
 
id.net APIs for Hosts
id.net APIs for Hostsid.net APIs for Hosts
id.net APIs for Hosts
Edwin J.
 

What's hot (20)

Hashicorp Vault ppt
Hashicorp Vault pptHashicorp Vault ppt
Hashicorp Vault ppt
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Managing secrets at scale
Managing secrets at scaleManaging secrets at scale
Managing secrets at scale
 
ModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEAModSecurity 3.0 and NGINX: Getting Started - EMEA
ModSecurity 3.0 and NGINX: Getting Started - EMEA
 
MRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker PatternMRA AMA Part 7: The Circuit Breaker Pattern
MRA AMA Part 7: The Circuit Breaker Pattern
 
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
Neil Saunders (Beamly) - Securing your AWS Infrastructure with Hashicorp Vault
 
HTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy TalesHTTPS Explained Through Fairy Tales
HTTPS Explained Through Fairy Tales
 
Vault - Secret and Key Management
Vault - Secret and Key ManagementVault - Secret and Key Management
Vault - Secret and Key Management
 
KTC Profile-august
KTC Profile-augustKTC Profile-august
KTC Profile-august
 
Vault 101
Vault 101Vault 101
Vault 101
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
Nginx internals
Nginx internalsNginx internals
Nginx internals
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp Vault
 
Keeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp VaultKeeping a Secret with HashiCorp Vault
Keeping a Secret with HashiCorp Vault
 
Nessus and Reporting Karma
Nessus and Reporting KarmaNessus and Reporting Karma
Nessus and Reporting Karma
 
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptxHow To Create a SSL Certificate on Nginx for Ubuntu.pptx
How To Create a SSL Certificate on Nginx for Ubuntu.pptx
 
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
Ccie notes configuring cisco ios ca server and enrolling cisco asa to a ca se...
 
SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE SSL/TLS implementation using JSSE
SSL/TLS implementation using JSSE
 
HashiTLS Demystifying Security Certs
HashiTLS Demystifying Security CertsHashiTLS Demystifying Security Certs
HashiTLS Demystifying Security Certs
 
id.net APIs for Hosts
id.net APIs for Hostsid.net APIs for Hosts
id.net APIs for Hosts
 

Similar to Let's Encrypt!

EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPSEWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
Rob Tweed
 
How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7
VCP Muthukrishna
 
E gov security_tut_session_4_lab
E gov security_tut_session_4_labE gov security_tut_session_4_lab
E gov security_tut_session_4_lab
Mustafa Jarrar
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
Tom Kerkhove
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
Nick Owen
 
NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)
Marcel Cattaneo
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
ReliqusConsulting
 
Configuration of Self Signed SSL Certificate For CentOS 8
Configuration of Self Signed SSL Certificate For CentOS 8Configuration of Self Signed SSL Certificate For CentOS 8
Configuration of Self Signed SSL Certificate For CentOS 8
Kaan Aslandağ
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
ssuser865ecd
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014
Miguel Zuniga
 
Apache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validationsApache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validations
Jean-Frederic Clere
 
320.1-Cryptography
320.1-Cryptography320.1-Cryptography
320.1-Cryptography
behrad eslamifar
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX, Inc.
 
Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!
All Things Open
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
Muhammad Moinur Rahman
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
Brian A. McHenry
 
Rhel5
Rhel5Rhel5
Rhel5
Yash Gulati
 
21 05-2018
21 05-201821 05-2018
21 05-2018
Praaveen Vr
 
Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)
Conrad Cruz
 

Similar to Let's Encrypt! (20)

EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPSEWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
EWD 3 Training Course Part 32: Configuring QEWD to use SSL/HTTPS
 
How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7
 
E gov security_tut_session_4_lab
E gov security_tut_session_4_labE gov security_tut_session_4_lab
E gov security_tut_session_4_lab
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
 
Configuration of Self Signed SSL Certificate For CentOS 8
Configuration of Self Signed SSL Certificate For CentOS 8Configuration of Self Signed SSL Certificate For CentOS 8
Configuration of Self Signed SSL Certificate For CentOS 8
 
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptxOralce SSL walelt -TCPS_Troubleshooting_PB.pptx
Oralce SSL walelt -TCPS_Troubleshooting_PB.pptx
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014
 
Apache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validationsApache Httpd and TLS certificates validations
Apache Httpd and TLS certificates validations
 
320.1-Cryptography
320.1-Cryptography320.1-Cryptography
320.1-Cryptography
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA Broadcast
 
Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!Securing Your Resources with Short-Lived Certificates!
Securing Your Resources with Short-Lived Certificates!
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT Devices
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 
Rhel5
Rhel5Rhel5
Rhel5
 
21 05-2018
21 05-201821 05-2018
21 05-2018
 
Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)Aeon mike guide transparent ssl filtering (1)
Aeon mike guide transparent ssl filtering (1)
 

More from Drew Fustini

Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Drew Fustini
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
Drew Fustini
 
Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)
Drew Fustini
 
Linux on RISC-V
Linux on RISC-VLinux on RISC-V
Linux on RISC-V
Drew Fustini
 
How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)
Drew Fustini
 
Linux on RISC-V
Linux on RISC-VLinux on RISC-V
Linux on RISC-V
Drew Fustini
 
For the Love of Tux: Linux on RISC-V
For the Love of Tux: Linux on RISC-VFor the Love of Tux: Linux on RISC-V
For the Love of Tux: Linux on RISC-V
Drew Fustini
 
Berlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-VBerlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-V
Drew Fustini
 
How to run Linux on RISC-V
How to run Linux on RISC-VHow to run Linux on RISC-V
How to run Linux on RISC-V
Drew Fustini
 
FPGA Badge Hack: Linux on RISC-V
FPGA Badge Hack: Linux on RISC-VFPGA Badge Hack: Linux on RISC-V
FPGA Badge Hack: Linux on RISC-V
Drew Fustini
 
RISC-V and open source chip design
RISC-V and open source chip designRISC-V and open source chip design
RISC-V and open source chip design
Drew Fustini
 
Introduction to Open Source Hardware, OSHWA and Open Hardware Summit
Introduction to Open Source Hardware, OSHWA and Open Hardware SummitIntroduction to Open Source Hardware, OSHWA and Open Hardware Summit
Introduction to Open Source Hardware, OSHWA and Open Hardware Summit
Drew Fustini
 
Linux on Open Source Hardware with Open Source chip design (36c3)
Linux on Open Source Hardware with Open Source chip design (36c3)Linux on Open Source Hardware with Open Source chip design (36c3)
Linux on Open Source Hardware with Open Source chip design (36c3)
Drew Fustini
 
Open Source Hardware, Linux and RISC-V
Open Source Hardware, Linux and RISC-VOpen Source Hardware, Linux and RISC-V
Open Source Hardware, Linux and RISC-V
Drew Fustini
 
Open Source Hardware for Good
Open Source Hardware for GoodOpen Source Hardware for Good
Open Source Hardware for Good
Drew Fustini
 
Autodesk EAGLE and OSH Park
Autodesk EAGLE and OSH ParkAutodesk EAGLE and OSH Park
Autodesk EAGLE and OSH Park
Drew Fustini
 
BeagleBone Blue at Maker Faire 2017
BeagleBone Blue at Maker Faire 2017BeagleBone Blue at Maker Faire 2017
BeagleBone Blue at Maker Faire 2017
Drew Fustini
 
Open Source Hardware and Libre Silicon
Open Source Hardware and Libre SiliconOpen Source Hardware and Libre Silicon
Open Source Hardware and Libre Silicon
Drew Fustini
 
Intro to Open Source Hardware (OSHW)
Intro to Open Source Hardware (OSHW)Intro to Open Source Hardware (OSHW)
Intro to Open Source Hardware (OSHW)
Drew Fustini
 
Portland Science Hack Day: Open Source Hardware
Portland Science Hack Day: Open Source HardwarePortland Science Hack Day: Open Source Hardware
Portland Science Hack Day: Open Source Hardware
Drew Fustini
 

More from Drew Fustini (20)

Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
Linux on RISC-V with Open Source Hardware (Open Source Summit Japan 2020)
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
 
Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)Linux on RISC-V (ELC 2020)
Linux on RISC-V (ELC 2020)
 
Linux on RISC-V
Linux on RISC-VLinux on RISC-V
Linux on RISC-V
 
How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)How to run Linux on RISC-V (FOSS North 2020)
How to run Linux on RISC-V (FOSS North 2020)
 
Linux on RISC-V
Linux on RISC-VLinux on RISC-V
Linux on RISC-V
 
For the Love of Tux: Linux on RISC-V
For the Love of Tux: Linux on RISC-VFor the Love of Tux: Linux on RISC-V
For the Love of Tux: Linux on RISC-V
 
Berlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-VBerlin Embedded Linux meetup: How to Linux on RISC-V
Berlin Embedded Linux meetup: How to Linux on RISC-V
 
How to run Linux on RISC-V
How to run Linux on RISC-VHow to run Linux on RISC-V
How to run Linux on RISC-V
 
FPGA Badge Hack: Linux on RISC-V
FPGA Badge Hack: Linux on RISC-VFPGA Badge Hack: Linux on RISC-V
FPGA Badge Hack: Linux on RISC-V
 
RISC-V and open source chip design
RISC-V and open source chip designRISC-V and open source chip design
RISC-V and open source chip design
 
Introduction to Open Source Hardware, OSHWA and Open Hardware Summit
Introduction to Open Source Hardware, OSHWA and Open Hardware SummitIntroduction to Open Source Hardware, OSHWA and Open Hardware Summit
Introduction to Open Source Hardware, OSHWA and Open Hardware Summit
 
Linux on Open Source Hardware with Open Source chip design (36c3)
Linux on Open Source Hardware with Open Source chip design (36c3)Linux on Open Source Hardware with Open Source chip design (36c3)
Linux on Open Source Hardware with Open Source chip design (36c3)
 
Open Source Hardware, Linux and RISC-V
Open Source Hardware, Linux and RISC-VOpen Source Hardware, Linux and RISC-V
Open Source Hardware, Linux and RISC-V
 
Open Source Hardware for Good
Open Source Hardware for GoodOpen Source Hardware for Good
Open Source Hardware for Good
 
Autodesk EAGLE and OSH Park
Autodesk EAGLE and OSH ParkAutodesk EAGLE and OSH Park
Autodesk EAGLE and OSH Park
 
BeagleBone Blue at Maker Faire 2017
BeagleBone Blue at Maker Faire 2017BeagleBone Blue at Maker Faire 2017
BeagleBone Blue at Maker Faire 2017
 
Open Source Hardware and Libre Silicon
Open Source Hardware and Libre SiliconOpen Source Hardware and Libre Silicon
Open Source Hardware and Libre Silicon
 
Intro to Open Source Hardware (OSHW)
Intro to Open Source Hardware (OSHW)Intro to Open Source Hardware (OSHW)
Intro to Open Source Hardware (OSHW)
 
Portland Science Hack Day: Open Source Hardware
Portland Science Hack Day: Open Source HardwarePortland Science Hack Day: Open Source Hardware
Portland Science Hack Day: Open Source Hardware
 

Recently uploaded

7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf
Enterprise Wired
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
Vijayananda Mohire
 
20240704 QFM023 Engineering Leadership Reading List June 2024
20240704 QFM023 Engineering Leadership Reading List June 202420240704 QFM023 Engineering Leadership Reading List June 2024
20240704 QFM023 Engineering Leadership Reading List June 2024
Matthew Sinclair
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Mydbops
 
Implementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling in real worldImplementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling in real world
Emerging Tech
 
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
amitchopra0215
 
The Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU CampusesThe Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU Campuses
Larry Smarr
 
What's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdfWhat's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdf
SeasiaInfotech2
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
Liveplex
 
5G bootcamp Sep 2020 (NPI initiative).pptx
5G bootcamp Sep 2020 (NPI initiative).pptx5G bootcamp Sep 2020 (NPI initiative).pptx
5G bootcamp Sep 2020 (NPI initiative).pptx
SATYENDRA100
 
Performance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy EvertsPerformance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy Everts
ScyllaDB
 
@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...
@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...
@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...
kantakumariji156
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions
 
Why do You Have to Redesign?_Redesign Challenge Day 1
Why do You Have to Redesign?_Redesign Challenge Day 1Why do You Have to Redesign?_Redesign Challenge Day 1
Why do You Have to Redesign?_Redesign Challenge Day 1
FellyciaHikmahwarani
 
20240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 202420240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 2024
Matthew Sinclair
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
SynapseIndia
 
DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
Yevgen Sysoyev
 
Running a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU ImpactsRunning a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU Impacts
ScyllaDB
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
Eric D. Schabell
 

Recently uploaded (20)

7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf
 
Quantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLMQuantum Communications Q&A with Gemini LLM
Quantum Communications Q&A with Gemini LLM
 
20240704 QFM023 Engineering Leadership Reading List June 2024
20240704 QFM023 Engineering Leadership Reading List June 202420240704 QFM023 Engineering Leadership Reading List June 2024
20240704 QFM023 Engineering Leadership Reading List June 2024
 
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsScaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
 
Implementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling in real worldImplementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling in real world
 
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
 
The Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU CampusesThe Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU Campuses
 
What's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdfWhat's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdf
 
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALLBLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
BLOCKCHAIN FOR DUMMIES: GUIDEBOOK FOR ALL
 
5G bootcamp Sep 2020 (NPI initiative).pptx
5G bootcamp Sep 2020 (NPI initiative).pptx5G bootcamp Sep 2020 (NPI initiative).pptx
5G bootcamp Sep 2020 (NPI initiative).pptx
 
Performance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy EvertsPerformance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy Everts
 
@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...
@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...
@Call @Girls Thiruvananthapuram 🚒 XXXXXXXXXX 🚒 Priya Sharma Beautiful And Cu...
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
 
Why do You Have to Redesign?_Redesign Challenge Day 1
Why do You Have to Redesign?_Redesign Challenge Day 1Why do You Have to Redesign?_Redesign Challenge Day 1
Why do You Have to Redesign?_Redesign Challenge Day 1
 
20240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 202420240705 QFM024 Irresponsible AI Reading List June 2024
20240705 QFM024 Irresponsible AI Reading List June 2024
 
How RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptxHow RPA Help in the Transportation and Logistics Industry.pptx
How RPA Help in the Transportation and Logistics Industry.pptx
 
DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
 
Running a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU ImpactsRunning a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU Impacts
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
 

Let's Encrypt!

  • 1. 300 Seconds of Fame: November 2015 Drew Fustini @pdp7
  • 3. ● Free ● Automated ● Open New Certificate Authority:
  • 4. ● As of October 2015, certificates are now: Trusted by all major browsers ● Beta Participation Request
  • 6. ● Federal 501(c)(3) Non-Profit ● Mission: reduce financial, technological, and education barriers to secure communication over the Internet ● Board members from: EFF, Stanford Law, CoreOS, Akamai, Cisco, University of Michigan Internet Security Research Group
  • 8. ● Client Software: Let's Encrypt is a Python-based utility that works alongside Apache to automatically obtain a certificate and convert a website to HTTPS. ● Server-side CA Software: Boulder is the primary Let’s Encrypt CA implementation. It’s based on the ACME protocol, and written primarily in Go.
  • 9. ● Let’s Encrypt CA talks to certificate management software running on web servers ● Protocol for this is called ACME: Automated Certificate Management Environment ● Draft Specification – Will be proposed to IETF to make it open standard ACME Protocol
  • 19. ● Your certificate and chain have been saved at: /etc/letsencrypt/live/pdp7.com/fullchain.pem ● Your cert will expire on: 2016­02­07 ● To obtain a new version of the certificate in the future, simply run Let's Encrypt again. ● Your account credentials have been saved in your Let's Encrypt configuration directory at: /etc/letsencrypt ● You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Let's Encrypt so making regular backups of this folder is ideal.
  • 20. ● My pdp7.com hosted by Debian 8.2 server on DigitalOcean ● Apache SSL Config file:    /etc/apache2/sites­enabled/default­ssl.conf     <IfModule mod_ssl.c>         <VirtualHost *:443>             SSLEngine on             SSLProtocol             all ­SSLv2 ­SSLv3             SSLCipherSuite          ECDHE­RSA­AES128­GCM­SHA256:ECDHE­ECDSA­AES12             SSLHonorCipherOrder     on             SSLCompression          off             SSLCertificateFile /etc/letsencrypt/live/pdp7.com/fullchain.pem             SSLCertificateKeyFile /etc/letsencrypt/live/pdp7.com/privkey.pem             ServerSignature Off             AcceptPathInfo Off             AddOutputFilterByType DEFLATE text/html text/plain text/xml applicati             AddDefaultCharset UTF­8             SSLOptions +StrictRequire             ServerAdmin admin@pdp7.com             ServerName pdp7.com             DocumentRoot /var/www/html             ErrorLog ${APACHE_LOG_DIR}/error.log             LogLevel warn             CustomLog ${APACHE_LOG_DIR}/access.log combined             LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User­agent}i              LogFormat "%v %h %l %u %t "%r" %>s %b" vhost_common         </VirtualHost>     </IfModule>
  • 27. Why 90-day lifetimes for certs? ● 90 days is nothing new on the Web ● 29% of TLS transactions use 90-day certs (per Firefox Telemetry) ● Limit damage of key compromise & mis- issuance ● Encourage automation, which is essential for ease-of-use
  • 28. Get Involved ● All code & protocol specifications are on GitHub ● Client software development mailing list ● CA software development mailing list ● ACME protocol dev IETF mailing list ● Community Support Forum (Discourse)