Let's Encrypt

A Free, Automated and Open Certificate Authority

Arief Karfianto

 Report on Emerging E-Business Technologies

Outline

  • Introduction

  • Let's Encrypt Design

  • Let's Encrypt Implementation

  • Conclusion

Introduction

  • Enterprises need high-level security : e-Business applications, online trading, banking and web service-based business process automation.
  • Public Key Infrastructure (PKI) is one of security technology. 
  • PKI is a system involving digital certificates, certification authorities (CAs), and registration authorities (RAs) that verify and authenticate the validity of certificate from each party involved in an electronic transaction (Papazoglou & Ribbers 2006, p. 376).

Introduction (cont.)

Introduction (cont.)

The biggest obstacle to Hypertext Transport Protocol Secure (HTTPS) deployment :

  • complexity
  • bureaucracy
  • cost 
     

Introduction (cont.)

In 2015, Electronic Frontier Foundation released Let’s Encrypt.  

  • automates the certificate management on servers
  • provides simple tools to manage HTTPS
  • do not need email validation and complex configuration 
  • automatically manages the renewal process
  • free of charge
     

Let's Encrypt Design

Let’s Encrypt aims to automatically configure an HTTPS server with trusted certificate.

This is done by executing an open source certificate management agent on each of the web application servers.

Domain Validation

Domain Validation (cont.)

Certificate Issuance

Implementation

// update the ubuntu repository
$ sudo apt-get update

// install git scm
$ sudo apt-get install git 

// clone the agent from github
$ sudo git clone https://github.com/certbot/certbot /opt/letsencrypt

// create certificate for example.com and www.example.com
$ cd /opt/letsencrypt
$ ./letsencrypt-auto --apache -d example.com -d www.example.com

// check the validity and renew the certificate
$ ./letsencrypt-auto renew

// put auto renewal script to cron
$ sudo crontab –e

$ 30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew

Implementation

  • Let’s Encrypt has issued its millionth certificate by March 2016 (Aas 2016).
  • Securing approximately 2.4 million domains
  • Growing at the rate of more than 100,000 certificates per week
  • Let’s Encrypt also received a significant endorsement from major companies such as Mozilla, Akamai, Cisco, and Electronic Frontier Foundation
  • Its implementation on hosting companies helps many sites including e-Business websites implement HTTPS with Let’s Encrypt
     

Implementation

the growth of HTTPS has increased four-fold since Let's Encrypt was launched.”

                                                                                                          -- Mozilla

Source: https://blogs.akamai.com/2016/04/how-has-lets-encrypt-impacted-web-security.html

Implementation

Showcase

Conclusion

  • Web access security is an important aspect of e-business solutions.
  • One of the internet protocols widely used to secure communication between clients and web-based application servers is HTTPS.
  • The majority of websites do not implement HTTPS due to the technical complexity and high cost of obtaining a digital certificate.
  • To improve the number of HTTPS implementation, Internet Security Research Group developed Let’s Encrypt, a free, automated and open Certificate Authority (CA).
  • There are two steps for managing digital certificates from Let’s Encrypt. The agent proves that it has the control of a domain, and then it requests, renews, and revokes certificates for that domain. 
  • Since its first launch in 2015, more than 2 million domains, from personal to business, have been using digital certificates from Let’s Encrypt.
  • This emerging technology provides advantages for better e-business security over the internet.

Thank You

References

 

Aas, J 2016, Our Millionth Certificate, Let's Encrypt - Free SSL/TLS Certificates, weblog post, 8 March 2016, viewed 1 April 2016, <https://letsencrypt.org/2016/03/08/ourmillionth-cert.html>.

 

Eckersley, P 2014, Launching in 2015: A Certificate Authority to Encrypt the Entire Web,
Electronic Frontier Foundation, weblog post, 18 November 2014, viewed 1 April 2016, <https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entireweb>.

 

Getting Started - Let's Encrypt - Free SSL/TLS Certificates 2016 Internet Security Research Group, viewed 1 April 2016, <https://letsencrypt.org/getting-started/>.
 

How It Works - Let's Encrypt - Free SSL/TLS Certificates 2016, Internet Security Research Group, viewed 1 April 2016, <https://letsencrypt.org/how-it-works/ >.

 

Papazoglou, M & Ribbers, P 2006, E-business: organizational and technical foundations, Chichester, England, John Wiley.
 

Let's Encrypt

By Arief Karfianto

Let's Encrypt

A free, automated and open certificate authority. Presentation by Arief Karfianto

  • 1,413