Lets Encrypt October 11, 2018 Justin Sun Padlock icon Your - - PowerPoint PPT Presentation

let s encrypt
SMART_READER_LITE
LIVE PREVIEW

Lets Encrypt October 11, 2018 Justin Sun Padlock icon Your - - PowerPoint PPT Presentation

Oct 17, 2023 113 likes •272 views

Introduction to Lets Encrypt October 11, 2018 Justin Sun Padlock icon Your browser is communicating securely with the nejug.org through an encrypted channel Your browser trusts nejug.org because the NEJUG website has a certificate

slide-1
SLIDE 1

Introduction to Let’s Encrypt

October 11, 2018 Justin Sun

slide-2
SLIDE 2
slide-3
SLIDE 3

Padlock icon

  • Your browser is communicating securely with the nejug.org through

an encrypted channel

  • Your browser trusts nejug.org because the NEJUG website has a

certificate

  • The certificate is valid – not expired and not revoked
  • The certificate is signed by a Certificate Authority (CA) that your browser

trusts

slide-4
SLIDE 4

Certificates and Certificate Authorities

When you visit a website over a secure connection, the website presents your browser with a digital certificate. This certificate identifies the hostname of the site and verifies the site owner. Certificates are issued to website operators and signed by a Certificate Authority (CA). The proof of identity represented in a Certificate may be trusted by the user as long as the user trusts the Certificate Authority. Modern operating systems typically ship with over 200 trusted CAs, some of which are operated by governments. Today’s model requires all users to trust that the hundreds of CA

  • rganizations correctly issue certificates...

Source: https://transparencyreport.google.com/https/certificates

slide-5
SLIDE 5
slide-6
SLIDE 6

Let’s Encrypt

  • Free: Anyone who owns a domain name can use Let’s Encrypt to
  • btain a trusted certificate at zero cost.
  • Automatic: Software running on a web server can interact with Let’s

Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.

  • Open: The automatic issuance and renewal protocol will be published

as an open standard that others can adopt. Source: https://letsencrypt.org/about/

slide-7
SLIDE 7

Automatic Certificate Management Environment (A (ACME)

  • Protocol for interacting with a CA
  • Verify that applicant owns a domain
  • Issuance of the certificate

Source: https://ietf-wg-acme.github.io/acme/draft-ietf-acme- acme.html#rfc.section.6.1

slide-8
SLIDE 8

Using Let’s Encrypt

  • Domain owner provides proof of ownership of a domain
  • Let’s Encrypt verifies information submitted
  • If verification is successful, the domain owner can create a new

certificate, good for 90 days

slide-9
SLIDE 9

How it works – Domain owner

  • Verify domain ownership – File or DNS change
  • Verify keypair ownership – Sign nonce

Source: https://letsencrypt.org/how-it-works/

slide-10
SLIDE 10

How it works - CA

Source: https://letsencrypt.org/how-it-works/

slide-11
SLIDE 11

How it works – certificate operations

  • Create certificate
  • Renew within 30 days of expiration
  • Revoke certificate
slide-12
SLIDE 12
slide-13
SLIDE 13

Growth

Date Certificates issued March 8, 2016 1 million April 21, 2016 2 million June 3, 2016 4 million June 22, 2016 5 million September 9, 2016 10 million November 27, 2016 20 million December 12, 2016 24 million June 28, 2017 100 million August 6, 2018 115 million September 14, 2018 380 million Source: https://en.wikipedia.org/wiki/Let%27s_Encrypt

slide-14
SLIDE 14

How many certificates have been issued?

slide-15
SLIDE 15

Resources

  • Let’s Encrypt Website: https://LetsEncrypt.org
  • Wikipedia entry: https://en.wikipedia.org/wiki/Let%27s_Encrypt