Pages

Monday, December 7, 2015

Let’s Encrypt!

Just last week LetsEncrypt.org entered public beta. This is newsworthy because SSL and TLS security are becoming more and more important for web applications, and the developers that create them. I won’t go into the details of the importance of using SSL and other stronger forms of transport layer security (TLS). There's a plethora of information on the web, as well as my favorite training site, Pluralsight.com. But, it suffices to say, if you are creating a web app these days, you need to be using SSL.

LetsEncrypt.org is important because they are a free certificate authority backed by some of the biggest companies in tech such as Facebook, Cisco, and Mozilla. This corporate support is part of a larger movement in the industry to make SSL the default transport on the internet. Amidst enormous data breaches and high-profile website hacks, companies are beginning to realize the fundamental importance of securing the internet.

If you're running Linux you can get started by downloading the LetsEncrypt client from GitHub here:

https://github.com/letsencrypt/letsencrypt

This will give you a command line client that allows you issue, renew, and revoke a certificate. My goal with this post is not to cover how to issue certs, but to raise awareness of the LetsEncrypt.org service, so I’m not going to go into the details of certificate management. But, their website and GitHub pages offer detailed instructions on how to use the client.

From now on, we have no excuse to not secure our sites! Let’s Encrypt!

P.S. - A quick note about viaMacchina.com... We recognize the hypocrisy of highlighting a service that enables easy and free SSL certificates when this blog does not, in fact, use SSL. To be clear, this blog is hosted by Blogger.. which does support SSL..., but only for blogs that use the internal, Blogger domain names. Since we are using a custom domain name, currently Blogger does not allow us to add any type of TLS. We could always move to a new blogging platform, but we are very happy with Blogger, and we hope that the option to secure all blogs, including those that use custom domains, will be a feature incorporated into the Blogger service in the near future.

2 comments: