Services     Software     Commentary     Design     Astral Musings   
SSL Certificates
Installing SSL Certificates for HTTPS

2016-01, rickatech

Elsewhere [ edit ]

Since around 2010 when the first FireSheep web browser plugin made it easy for anyone to see unencrypted usernames and passwords being used over WiFI network, there has been increasing concern for more ubiquitous web encryption. 

Until recently the art and practice of preparing and deploying SSL Certificates to encrypt HTTPS web servers required both technical expertise and annual fees to 'trusted' security firms (e.g. Verisign) - who would in turn provide certificates considered genuine for wide web usage.  The technical barriers to generating and deploying SSL Certificates have pretty much evaporated since then.  The artificial tax to 'trusted' security firms to vet certificates for a fee looks to also evaporate, or at least reduce significantly, with Mozilla Foundation's new Let's Encrypt service that provides free SSL Certificates that are also considered legitimate for wide web usage.

# git clone

$ ./letsencrypt-auto certonly --manual -d
  - needs to be run from a system that can receive requests to
    to the target domain
  - generates 4 files
  - special web accessible directory will need to be populated with
    one time magic file

# ls -lh /etc/letsencrypt/archive/

  root root 1.8K cert1.pem
  root root 1.7K chain1.pem
  root root 3.5K fullchain1.pem
  root root 1.7K privkey1.pem 

A certificate can be generated to satisfy multiple domains by providing addition -d directives.

Update 2016-12-20

Apparently a new toolset called certbot has been rolled out.  Note, many Let's Encrypt tools depend on an API services that occosionally go offline for various reasons.  The API server status can be checked here:

zap technologies
tablet | printable