LetsEncrypt - Free Open Certificate Authority

Have you ever noticed a green https:// next to the website address in your browser? If you have, you are already aware of website security. HTTPS is the secure version of HTTP, the Hypertext Transfer Protocol used to view web documents across the internet. HTTPS is enabled by obtaining a web security certificate from a Certificate Authority (CA).

The certificate authority verifies and validates your website and ensures the website is what it claims to be. There are several types of validation, such as Domain Validation and Extended Validation. Some CAs provide wildcard certificates, i.e. one certificate is enough to secure the web domain and all of its subdomains. All financial and banking websites use the HTTPS protocol in order to protect customer information and avoid man-in-the-middle attacks. They obtain HTTPS certificates from different CAs, mostly expensive certificate providers. So, is there any free Certificate Authority?

Yes. LetsEncrypt is an automated, free, open Certificate Authority provided by the Internet Security Research Group (ISRG). The group intends to secure websites and make the web a place for sharing documents safely and securely. It provides free Domain Validation (DV) certificates. How do you obtain a free DV certificate from the LetsEncrypt CA?

LetsEncrypt works on the ACME protocol. There are many ACME clients available, of which CertBot is a popular one. Using the CertBot client, anyone can verify their domain and obtain a free DV certificate from LetsEncrypt for a period of 90 days. Once the validity is over, the user can renew the certificate. Since the process of renewing certificates can be automated, LetsEncrypt certificates are more secure than commercial long-validity certificates. A long-validity certificate is prone to security vulnerabilities because of its long lifetime.

What should I do to get a LetsEncrypt certificate running on my personal website? LetsEncrypt ACME clients can run in standalone mode or with Apache or Nginx servers. Apache-based certificate generation is more stable than Nginx. First, install CertBot and ensure Apache is running on the server. Make sure the domain points to the server address using an A record at the DNS provider. Once these are set, issue the certificate issuance command for the domain you want a certificate for. CertBot will then run the LetsEncrypt agent to do its job.

The agent requests a DV certificate from LetsEncrypt; in turn, LetsEncrypt sets a series of challenges that the agent has to complete. The challenges exist to prove that the domain is really controlled by the agent. Once the challenge is met, LetsEncrypt issues a DV certificate for 90 days. After 90 days, the user can run the renew certificate command to get another one. Since automating CertBot is quite easy, the user can do this in an automated fashion.
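
To make the challenge step concrete, here is an added example (not code from CertBot or LetsEncrypt) that simulates both sides of one ACME challenge type, HTTP-01 as defined in RFC 8555: the agent publishes a key authorization under the domain's well-known path and the CA fetches and compares it. The function names, the in-memory `webroot` dictionary and the sample keys are assumptions made for illustration; the key values are constructed placeholders.

```python
import base64
import hashlib
import json
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the key's required members, sorted, no spaces."""
    required = {"e": jwk["e"], "kty": jwk["kty"], "n": jwk["n"]}
    canonical = json.dumps(required, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Value the agent publishes: token, a dot, the account key thumbprint."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def ca_validate(webroot: dict, token: str, account_jwk: dict) -> bool:
    """CA side: fetch the well-known path from the domain and compare."""
    body = webroot.get(f"/.well-known/acme-challenge/{token}")
    if body is None:  # nothing published: the agent did not prove control
        return False
    expected = key_authorization(token, account_jwk)
    return secrets.compare_digest(body.strip(), expected)


# Constructed sample account keys; the "n" values are placeholders, not real moduli.
AGENT_KEY = {"kty": "RSA", "e": "AQAB", "n": b64url(b"constructed-agent-modulus")}
OTHER_KEY = {"kty": "RSA", "e": "AQAB", "n": b64url(b"constructed-other-modulus")}


def run_exchange(publisher_key: dict, account_key: dict) -> bool:
    """One challenge round; webroot is an in-memory stand-in for the web server."""
    token = b64url(secrets.token_bytes(16))  # CA picks a random token
    webroot = {}                              # files served by the domain
    path = f"/.well-known/acme-challenge/{token}"
    webroot[path] = key_authorization(token, publisher_key)  # agent publishes
    return ca_validate(webroot, token, account_key)          # CA checks


if __name__ == "__main__":
    print("agent that owns the account key:", run_exchange(AGENT_KEY, AGENT_KEY))
    print("file written under another key: ", run_exchange(OTHER_KEY, AGENT_KEY))
```

Because the published value binds the CA's token to the requesting account's key, being able to write a file on the server is not enough on its own; the file must match the account that asked for the certificate.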

What is more? LetsEncrypt is planning to issue wildcard certificates starting Jan 2018. This means users can protect the domain as well as its subdomains free of cost.

Caveat: Since it's free of cost, there is no guarantee of protection insurance like that provided by commercial CAs. This is only suitable for personal, non-profit or non-financial systems. If you think you don't need any security insurance and want a free DV certificate, you have one option: LetsEncrypt.
