Free valid SSL certificate for local development with Let’s Encrypt

Meetup #2: Encryption - https://tinyurl.com/y5mg6s2q
May 23, 2019
Mickael PALMA @ L’Argus

  1. Free valid SSL certificate for local development with Let’s Encrypt. Meetup #2: Encryption - May 23, 2019 - Mickael PALMA @ L’Argus
  2. whoami
     • Mickael PALMA (mpalma@largus.fr)
     • Argus API CTO
     • LinkedIn
  3. Let’s Encrypt
     • Non-profit certificate authority (Internet Security Research Group)
     • Free X.509 certificates for TLS
     • Easy SSL configuration
     • Valid certificates for 90 days
     • Automatic certificate renewal
  4. Issued certificates [chart: certificates issued, in millions, from March 8, 2016 to September 14, 2018]
  5. ACME Protocol
     • HTTP-01 challenge
     • DNS-01 challenge
     • TLS-SNI-01 challenge (disabled in March 2019)
     • TLS-ALPN-01 challenge
  6. Let’s Encrypt API
     • API v1 (April 12, 2016)
       • single domains - HTTP / DNS: example.com, www.example.com
       • DEPRECATED
     • API v2 (March 13, 2018)
       • incompatible with v1
       • single domains - HTTP / DNS: example.com, www.example.com
       • wildcard domains - DNS: *.example.com
  7. Certbot
     • Let’s Encrypt “official” client (Python)
     • Most extensive client
       • HTTP → HTTPS redirects
       • OCSP stapling
       • HSTS
       • upgrade-insecure-requests
  8. DEMO
     • File samples on Gist
  9. Recipe
     • Register a domain name (domain.me)
     • Use Cloudflare as name server
     • Point wildcards (*) to 127.0.0.1
     • Get certificate with certbot (with Cloudflare plugin and DNS-01 challenge)
     • Configure your web server with it
  10. Resources
     • Let's Encrypt official website
     • ACME challenges types
     • Certbot / GitHub (alternative: acme.sh)
     • TLS-SNI-01 vulnerability discovery story
     • Gist
  11. Mickael PALMA “THANK YOU”
