Lets Encrypt Demo for Windows + creating self signed certificate in IIS

Captions
Hello, I'm going to attempt to show you a demo on what's involved with installing a free, valid certificate on a Windows instance running a Windows web application. This particular web application happens to be a .NET Core 2.0 application, a real basic one. I just generated it from Visual Studio and told it to do a new .NET Core 2.0 app, and I deployed it up to the cloud, but this could be on any server that you have; it doesn't have to be in the cloud.

What I'm going to do is I'm going to use Let's Encrypt, and the inspiration for this was a class that I took from a gentleman named Nick Janetakis, and I'll provide a link to his course as well as a link to all of the pertinent things that you'll see in this video at the bottom of this video. So his course is an excellent one. It basically teaches you everything you need to know about Let's Encrypt, and it provides you with production-ready scripts that run on Ubuntu, Linux and other Unix-likes, and install this on a Windows box.

So right now this particular application is running over HTTP and not HTTPS. First of all, what I wanted to mention: there's a lot of information about Let's Encrypt, but Let's Encrypt is the real deal, and they are kind of like an open source thing, if you will, and they have all these sponsors that donate, and these sponsors are big time, you know, Cisco, Chrome, Facebook, Mozilla. So there's a lot of people out there in the industry that are donating to this. Their main mission is to try to get everybody running on HTTPS. I know that late last year Google announced that they were going to reduce the ratings of those folks whose websites don't run on HTTPS, as well as having the Google Chrome browser kind of notify you too that, hey, when you visit that page the site is not going to be secured, so people will see that. So that's kind of alarming. So it's really a good idea to start, you know, putting certificates on every single website out there that you do, for that reason alone, and also, you know, to gain the trust of your customers.

So one of the first things that you'll need to do for Let's Encrypt is you'll need to install an ACME client, and ACME stands for automated certificate management environment, and it's kind of like an interface. You can write a client, as long as it implements that interface, so that it can go out there and Let's Encrypt will go ahead and issue you some certificates. So the client that I'm going to use is PKISharp, and like I said, I'll provide the link for it. It's a GitHub page. And, you know, Nick had mentioned in a corresponding email that it would be a really good idea to change this, or to see if you can get this script to issue out test certificates with Let's Encrypt, like for example this staging URL, and I think that's a fantastic idea, and that might be something I look into potentially in the future for another video. But for this example I'm just going to go ahead and download the executable and have it issue a certificate from the production URL, because you are kind of limited in how many certificates you can generate per week. That's important especially if you're testing things out. Let's Encrypt may actually stop after 10 or 20 or whatever that number is, and then you'll have to wait, you know, a couple more days or whatever till you can get some more certificates issued from them for the same domain.

So anyways, one last thing I wanted to mention is they only provide, to the best of my knowledge, DV certificates, the domain validation certificates. So they don't do, there's another certificate type where you can actually see the company name show up, and, I can't remember, organizational certificates or something like that. They also do SAN certificates, which allow for multiple subdomains. And the certificates need to be renewed every three months with Let's Encrypt, so they encourage, you know, that you have like maybe a scheduled job that runs every so often, maybe every two months or whatever, that goes out and renews your certificates. It's recommended, from what I was reading and hearing, that you do the renewal process, you know, don't wait until the last minute, up to midnight of the third month, because you may have some problems, and you don't want clients going to your site the very next day and you not being able to get a new certificate. So it doesn't hurt to renew every two months or whatever.

So having said all that, I'm gonna go ahead and download this client. So you're on this page, go ahead and, you know, you click on this latest release, and inside of there you're gonna see this zip file. It may be different depending on when you look at this, the name of it may be different, but anyways, go ahead and save it. And since this is a brand new machine that I provisioned up in the cloud, I'm gonna create a folder and I'm gonna save it inside of there. OK, so I will open the folder, double-click in there, let's pull everything out of it. Although, you know, let's see here, we really only need one file, well, actually we need more than that, so just pull everything out of it.

The next thing we're gonna want to do is open up a PowerShell window. So I am going to open up PowerShell, gonna run it as administrator, not sure if that really matters, and then I'm gonna change to this directory just to get everything set up. OK, so before I do that, get the Let's Encrypt certificate, what I'm gonna do is show you: so this is HTTP right here. If I try to run HTTPS it's just gonna spin and spin and spin, because we don't have HTTPS enabled yet.

So before I get the actual Let's Encrypt certificate, what I'm gonna do here is I'm going to create a self-signed certificate, and it's something that, as a developer, it's a good thing to do before you actually go to production and get a production-level certificate like Let's Encrypt, for example. While you're in the developing mode you can create a self-signed certificate for your server, deploy your application and just test that everything looks OK. You will get that funny looking screen that, you know, it's all panicky looking, and I'll show you that, but it'll just basically say that it's an untrusted certificate, and that's OK for development purposes. You probably don't want to run that in production though.

So if you click here and then you go to Server Certificates, I'm in IIS here, and here this option is called Create Self-Signed Certificate. So I'm going to call this "test untrusted" and I'll just select Personal, OK. And the next step I'm going to do basically is go into my default website and I'm going to create a binding. So right now the only binding I have out there is HTTP, so that just basically says HTTP is the only supported protocol for that. I'm going to add HTTPS, so add a binding, call it this, my certificate is going to be that self-signed untrusted certificate, go ahead and we'll add that. I'm gonna delete this HTTP binding. Now I'm gonna go to SSL Settings and I'm going to select Require SSL and Accept. I'm going to hit the Apply button and I'm just going to restart the site, and then we'll see what happens here.

So now if I try to run HTTPS, give it a second here. OK, I'm actually glad this happened here. The HTTPS is still spinning, but it has absolutely nothing to do with what we just did here. This is kind of a side topic, and if you're not using AWS then you can disregard this, but I thought I would include this in here because this is something that's burned me a few times. If HTTPS is still spinning, in your AWS console for your EC2 instance it has to do with the security group, since I actually provisioned this with CloudFormation, the script that I wrote. So if you take a look at the security groups, I just wanted to show you this for that instance, the inbound one does not have HTTPS port 443 opened up, so that's why it's spinning. So I just need to go ahead and add a new rule here for port 443. You know, I keep doing this, it's just one of those things, you know, you can't teach an old dog new tricks, I guess. So now I just enabled port 443. Now if we go and click this HTTPS, all of a sudden this is what we wanted to see. And like I said, for the AWS thing, forget about it if you're not using AWS. I just happen to be using it to spin up these instances.

Anyways, after you do the binding trick with IIS and, you know, attach your self-signed certificate, so if we take a look here, refreshing this again, here's the binding and here is the self-signed certificate, and if you try to visit this site you're gonna get this screen, "Your connection is not secure". And I'm gonna delete my regular HTTP one, which will no longer run, to see if that's gonna spin, because I removed the HTTP protocol. So we'll close that down. But getting back to this, the self-signed certificate is why you're seeing this particular case right here. That's perfectly OK for development mode. You just click Advanced, you say Add Exception, Confirm Security Exception, and lo and behold, you're there. And if you take a look at the certificate up here, you get this warning icon on your padlock. We'll take a look at More Information, we can view the certificate, you can see it's the self-signed certificate, it's all fine and dandy. So now we can do our development there.

But now comes time, let's say, to deploy this thing to production. So in that case we need a real certificate, so let's get one from Let's Encrypt and let's make this icon go away and have it replaced with the shiny, neat green icon, so that Google likes us and your ratings get high and all that good stuff. So we went ahead and extracted this client to a directory, so let's see here, that was this directory right here, and I happen to be in that directory running PowerShell. Look for your letsencrypt.exe file. We'll go ahead and run it. You have some options, you know, you have a bunch of options here, I guess renew, schedule. You know what, since this is a brand-new site I'm just gonna go ahead and create a new certificate, select N. And you have some other options in here. Like I said, the SAN certificates allow for multiple subdomains to be included in one certificate, but in this case we just have one domain name, so I'm gonna choose option number one. And it's traversing the sites here, and it finds the one site, which is this one right here, so that's fine. So you select that, go ahead, and I don't care about the email address in this case, I'll say yes to that question, and now it's actually going out to Let's Encrypt and it's doing the challenges back and forth just to make sure everything's OK. No errors, so everything seems to be looking OK here.

So let's do a quick, and what I wanted you to see now is, if we go to this default website and we edit the bindings again, or we look at the bindings, and if I click on that and do Edit, lo and behold, the PowerShell script that we just ran went ahead and installed the certificate from Let's Encrypt, and it just basically set the website certificate to be that one. So what does that mean? What that means now is, if I bring this page up where we once had this, if I just refresh it, all of a sudden it turns green, and if I hover over that you'll see that it's verified by Let's Encrypt, it's a secure connection, it's very happy. Let's see here, OK, little annoying pop-up. So we got a secure connection and it looks like we're pretty much good to go. We can view the certificate, everything looks great there.

So that's pretty much it for this demonstration on how to get this site up on a Windows box running Let's Encrypt, and plus you got to see the added feature of, you know, if you're using AWS to create an instance you want to make sure that you open up the security group of that instance to support port 443. So if you're not using AWS, don't worry about that. But thank you for watching. I hope this helps, and, you know, I hope this helps get your sites enabled with HTTPS. Like I said, these certificates are completely free, so look at the bottom of the YouTube video, because I included some links for all this stuff. And again, thank you so much for watching. So you have yourself a great one. Bye bye.
Info
Channel: T Kousek
Views: 42,518
Keywords: https, lets encrypt, self signed certificates
Id: fq5OUOjumuM
Length: 15min 31sec (931 seconds)
Published: Fri Mar 16 2018