Installing SSL Certificates for HTTPS
Elsewhere [ edit ]
Since around 2010 when the first FireSheep web browser plugin made it easy for anyone to see unencrypted usernames and passwords being used over WiFI network, there has been increasing concern for more ubiquitous web encryption.
Until recently the art and practice of preparing and deploying SSL Certificates to encrypt HTTPS web servers required both technical expertise and annual fees to 'trusted' security firms (e.g. Verisign) - who would in turn provide certificates considered genuine for wide web usage. The technical barriers to generating and deploying SSL Certificates have pretty much evaporated since then. The artificial tax to 'trusted' security firms to vet certificates for a fee looks to also evaporate, or at least reduce significantly, with Mozilla Foundation's new Let's Encrypt service that provides free SSL Certificates that are also considered legitimate for wide web usage.
# git clone https://github.com/letsencrypt/letsencrypt $ ./letsencrypt-auto certonly --manual -d mytake.howtolabs.net - needs to be run from a system that can receive requests to to the target domain - generates 4 files - special web accessible directory will need to be populated with one time magic file .well-known/acme-challenge # ls -lh /etc/letsencrypt/archive/mytake.howtolabs.net/ root root 1.8K cert1.pem root root 1.7K chain1.pem root root 3.5K fullchain1.pem root root 1.7K privkey1.pem
A certificate can be generated to satisfy multiple domains by providing addition -d directives.
Apparently a new toolset called certbot has been rolled out. Note, many Let's Encrypt tools depend on an API services that occasionally go offline for various reasons. The API server status can be checked here: letsencrypt.status.io
Checking contents of a given certificate file. There are many other variants of the openssl command to help peek inside a certificate file beside this.
$ openssl x509 -text -in cert.pem Certificate: Data: Version: 3 (0x2) Serial Number: 03:ed:c4:70:1d:d5:15:3f:a2:3d:05:11:c5:53:b5:37:58:fb Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 Validity Not Before: May 19 18:25:52 2020 GMT Not After : Aug 17 18:25:52 2020 GMT Subject: CN=m1.zaptech.com ...