Let's Encrypt! Wait. Why? How? - WC Pune
LET’S ENCRYPT! WAIT. WHY? HOW?
WordCamp Pune | @NancyThanki
WHAT IS HTTPS
HTTP PROTOCOL + SECURITY
▸ SSL/TLS (Secure Sockets Layer / Transport Layer Security)
▸ keeps your passwords, communications, and credit card details safe between your computer and the servers you’re communicating with on the other side.
▸ still speaking in HTTP, but the communication is encrypted and decrypted
HOW DOES IT WORK?
HELLO —> CERTIFICATE EXCHANGE —> KEY EXCHANGE
1. ClientHello message
▸ aka the information the server needs to connect to the client via SSL
▸ server will respond with a ServerHello i.e. similar info including the cipher suite and version of SSL to be used
2. Certificate Exchange
▸ the server needs to prove its identity via its SSL certificate*
▸ the client either (a) implicitly trusts the certificate or (b) checks that it is verified by one of many CAs
3. Key Exchange
‣ Encryption via a symmetric algorithm using a single key
* the client may also need to prove its identity, but not always
WHAT’S THE POINT?
▸ HTTP requests and responses can now be sent by forming a plaintext message and then encrypting it
▸ i.e. verifies that you’re talking directly to the server you think you’re talking to
▸ But because only the other side knows how to decrypt this message, Man In The Middle Attackers are unable to read or modify any requests that they may intercept.
▸ i.e. ensures that only that server can read what you send and only you can read what it sends
Diffie–Hellman Key Exchange
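An added example, not from the original slides: the key-exchange step sketched in Python, with both sides deriving the same symmetric key from Diffie–Hellman public values and then using it to detect a modified request. It covers integrity only (Python's standard library has no cipher for the encryption half) and leaves out the certificate check from step 2. The `Party`, `protect` and `verify` names and the sample request are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Added illustration, not the talk's code. 2048-bit MODP group 14 from RFC 3526, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

class Party:
    """One side of the key exchange (browser or server); hypothetical helper."""

    def __init__(self):
        self._secret = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
        self.public = pow(G, self._secret, P)        # value sent in the clear

    def session_key(self, peer_public):
        # Reject degenerate values that would force a predictable shared secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._secret, P)
        # Hash the shared secret down to a 256-bit symmetric key.
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def protect(key, message):
    """Append an HMAC-SHA256 tag so the receiver can detect modification."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def verify(key, record):
    """Return the message if its tag checks out, otherwise None."""
    message, tag = record[:-32], record[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None

def demo():
    browser, server = Party(), Party()
    k_browser = browser.session_key(server.public)
    k_server = server.session_key(browser.public)
    record = protect(k_browser, b"GET /wp-login.php HTTP/1.1")  # constructed sample
    tampered = record.replace(b"wp-login", b"wp-admin")         # altered in transit
    return k_browser == k_server, verify(k_server, record), verify(k_server, tampered)
```

Only the two `public` values cross the network; without one of the private exponents an observer cannot compute the key, and the altered record fails verification.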
WHILST THE LITTLE GREEN PADLOCK AND THE LETTERS “HTTPS” IN YOUR ADDRESS BAR DON’T MEAN THAT THERE ISN’T STILL AMPLE ROPE FOR BOTH YOU AND THE WEBSITE YOU ARE VIEWING TO HANG YOURSELVES ELSEWHERE, THEY DO AT LEAST HELP YOU COMMUNICATE SECURELY WHILST YOU DO SO.
Rob Heaton
SIGNIFICANCE OF SSL
▸ if you see encrypted traffic today, you can generally assume there is a reason.
▸ by encrypting everything you give cover to those who need it
▸ for example political dissidents
SNOWDEN LEAKS
PRIVACY AS A RIGHT
FREEDOM OF SOFTWARE*
* well respected within the WordPress community
FREEDOM OF PRIVACY
FREEDOM TO USE SOFTWARE + FREEDOM TO USE IT PRIVATELY
NEVER “JUST” A BLOG
HOW DOES SSL WORK?
WHY DOES IT PROTECT SENSITIVE INFORMATION?
1. Two-key encryption
▸ the private key and public key are used to agree on a key for this exchange
▸ symmetric algorithm with asymmetric encryption
▸ anyone can encrypt using the public key, but only the server can decrypt using the private key
2. digital signature is “signed” by another authority
3. self-signing
WHAT IS A “CA”? (AKA CERTIFICATE AUTHORITY)
“A NOTARY FOR THE WEB”
WHAT IS “LET’S ENCRYPT”?
SETUP OF A DOMAIN VALIDATION (DV) CERTIFICATE*
1. Download Let’s Encrypt onto your server, the one that has the address www.oohshinywebsite.com:
sudo apt-get install lets-encrypt
2. Run it with sudo, telling it you want to get a certificate for your domain:
sudo lets-encrypt oohshinywebsite.com
* DV Certificate = “the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.” There are other types of certificates with varying requirements.
SO…HOW DO YOU ENCRYPT YOUR SITE?
SHARED HOSTING
‣ Bluehost
‣ GoDaddy
‣ SiteGround
‣ WP Engine
‣ DreamHost
‣ HostGator
‣ Big Rock
‣ Hosting Raja
‣ Hostripples
‣ Domain Racer
‣ InMotion Hosting
‣ LE’s community list
HOW TO ENCRYPT YOUR SITE
VPS AND OTHER SERVER SETUPS
▸ nginx - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
▸ Apache - https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
▸ CentOS vs Debian/Ubuntu - https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates
WORDPRESS.COM
It’s already done.
Learn more here and here.
Sign up here
COMMON ISSUES
THE BAD
▸ No wild cards, i.e. difficult in multi/load-balanced setup
▸ Renewal every 90 days
THE GOOD
▸ Easy to set up
▸ Free to use
▸ Good for single server setups
JETPACK
▸ change WordPress settings
▸ Dashboard > Settings > General
▸ site URL, WordPress URL
GOOGLE SEO
▸ your search rankings vs any modicum of care you have for your audience
FAQS
I SET IT ALL UP. DOES THIS MEAN I WON’T BE HACKED?
No. Absolutely not.
WILL IT MAKE MY SITE SLOWER?
Not really.
WHAT’S THE DIFFERENCE BETWEEN “LET’S ENCRYPT” AND PAID SSL CERTIFICATES?
Nothing technically. But within things like PR or insurance…kinda.
COMMON MISCONCEPTIONS*
AUTHENTICATION
“A proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to a criminal’s server.”
INTEGRITY
“because it’s now over HTTPS, and you’re protecting against MITM attacks you can be assured that the information is in fact the information you’re meant to get.”
ENCRYPTION
“it encrypts the information as it’s being transferred from the browser to the web server. This is known as encryption in transit, and talks to nothing about encryption at rest.”
PHISHING
if the website housing the phishing page has https, and it is verified, it will show the user that lovely green padlock.
NATION STATE ATTACKS
“My advice, assume everything you do online — HTTPS or HTTP — is being monitored.”
IN CONCLUSION
It’s definitely a critical piece of the overarching security wheel associated with website security, but it’s not going to stop websites from getting hacked, the distribution of malware or keep website owners safe.
* Read Tony Perez’s article :)
CROWDFUNDING
LET’S ENCRYPT
GITHUB
SOURCES
▸ http://robertheaton.com/2014/03/27/how-does-https-actually-work/
▸ http://security.stackexchange.com/questions/11464/getting-a-root-ca-accepted-in-systems-and-browsers
▸ http://robertheaton.com/2015/04/06/the-ssl-freak-vulnerability/
▸ https://blog.hartleybrody.com/https-certificates/
▸ https://www.cryptologie.net/article/274/lets-encrypt-overview/
▸ https://letsencrypt.org/getting-started/
▸ https://www.youtube.com/watch?v=OZyXx8Ie4pA
▸ https://www.globalsign.com/en/ssl-information-center/types-of-ssl-certificate/
▸ https://medium.com/@kevinsimper/review-of-getting-free-https-with-let-s-encrypt-5515f74be5f6#.5qzjv4bc8
▸ https://perezbox.com/2015/07/https-does-not-secure-your-website/
JOIN AUTOMATTIC
▸ Send an application - http://automattic.com/work-with-us
▸ Want more information?
▸ You are welcome at our counter
COME WORK WITH US!
▸ Be a part of products that power over 27% of the web
▸ Collaborate with and learn from over 500+ colleagues in 60+ countries
▸ Set work hours that are convenient for you and your family
▸ Earn a globally competitive salary while living in India
▸ Travel a few times a year to meet your team, and engage with the wider WordPress community
▸ Apply at http://automattic.com/work-with-us
▸ Want to learn more?
▸ Come chat with us at our booth!