Introduction to Let’s Encrypt

Presentation transcript:

Introduction to Let’s Encrypt
October 11, 2018
Justin Sun

When you visited the nejug.org website, you may have noticed a padlock icon and https in the address bar.

Padlock icon
- Your browser is communicating securely with nejug.org through an encrypted channel
- Your browser trusts nejug.org because the NEJUG website has a certificate
- The certificate is valid – not expired and not revoked
- The certificate is signed by a Certificate Authority (CA) that your browser trusts

Certificates and Certificate Authorities
When you visit a website over a secure connection, the website presents your browser with a digital certificate. This certificate identifies the hostname of the site and verifies the site owner. Certificates are issued to website operators and signed by a Certificate Authority (CA). The proof of identity represented in a Certificate may be trusted by the user as long as the user trusts the Certificate Authority. Modern operating systems typically ship with over 200 trusted CAs, some of which are operated by governments. Today’s model requires all users to trust that the hundreds of CA organizations correctly issue certificates...
Source: https://transparencyreport.google.com/https/certificates
Google’s Transparency Report has a great definition of a certificate and a certificate authority.

Let’s Encrypt
- Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
- Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
- Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Source: https://letsencrypt.org/about/

Automatic Certificate Management Environment (ACME)
- Protocol for interacting with a CA
- Verify that applicant owns a domain
- Issuance of the certificate
Source: https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.6.1

Using Let’s Encrypt
- Domain owner provides proof of ownership of a domain
- Let’s Encrypt verifies information submitted
- If verification is successful, the domain owner can create a new certificate, good for 90 days

How it works – Domain owner
- Verify domain ownership – File or DNS change
- Verify keypair ownership – Sign nonce
Source: https://letsencrypt.org/how-it-works/
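
What the "file or DNS change" has to contain is defined by ACME: the CA's challenge token joined to a thumbprint of the account public key, so the domain check is bound to the keypair. As an added example (not from the presentation or Let’s Encrypt's own code), this Python follows RFC 8555 and RFC 7638 to compute both values; the sample key, token and domain are constructed.

```python
import base64
import hashlib
import json
import re

# Required JWK members per key type (RFC 7638, section 3.2).
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

# Constructed sample values: not a real account key or a real challenge.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "constructed",
              "x": "constructed-x-coordinate", "y": "constructed-y-coordinate"}
SAMPLE_TOKEN = "constructed-token_0123456789"


def b64url(data):
    """Base64url without padding, the encoding ACME uses for binary values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """SHA-256 over the canonical JSON of the key's required members only."""
    names = REQUIRED.get(jwk.get("kty"))
    if names is None:
        raise ValueError("unsupported or missing kty")
    missing = [n for n in names if n not in jwk]
    if missing:
        raise ValueError(f"JWK lacks required members: {missing}")
    canonical = json.dumps({n: jwk[n] for n in names},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token, account_jwk):
    """Challenge token bound to the account key: token '.' thumbprint."""
    # The token becomes a file name, so reject anything outside base64url.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token contains characters outside base64url")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_response(token, account_jwk):
    """(URL path, file body) the web server must serve for the file check."""
    body = key_authorization(token, account_jwk)
    return f"/.well-known/acme-challenge/{token}", body


def dns01_response(domain, token, account_jwk):
    """(record name, TXT value) to publish for the DNS check."""
    key_auth = key_authorization(token, account_jwk)
    digest = hashlib.sha256(key_auth.encode("ascii")).digest()
    return f"_acme-challenge.{domain}", b64url(digest)
```

Because the thumbprint is part of the value, a response prepared for one account key does not satisfy a challenge issued to a different account.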

How it works - CA Source: https://letsencrypt.org/how-it-works/

How it works – certificate operations
- Create certificate
- Renew within 30 days of expiration
- Revoke certificate

Growth
Date                  Certificates issued
March 8, 2016         1 million
April 21, 2016
June 3, 2016          4 million
June 22, 2016         5 million
September 9, 2016     10 million
November 27, 2016     20 million
December 12, 2016     24 million
June 28, 2017         100 million
August 6, 2018        115 million
September 14, 2018    380 million
Source: https://en.wikipedia.org/wiki/Let%27s_Encrypt

How many certificates have been issued?

Resources
- Let’s Encrypt Website: https://LetsEncrypt.org
- Wikipedia entry: https://en.wikipedia.org/wiki/Let%27s_Encrypt