WEBVTT 00:00.300 --> 00:01.740 Here and welcome back. 00:01.740 --> 00:09.000 Now, in this second part of the video, we look into how we can issue and configure the certificate. 00:09.210 --> 00:11.100 So the certificate that will be issued. 00:11.160 --> 00:12.360 It would be true. 00:12.360 --> 00:13.230 Let's encrypt. 00:13.560 --> 00:18.790 So let's encrypt is one of the entities from which you can get a free DNS certificate. 00:19.050 --> 00:21.530 However, it is only issued for 90 days. 00:21.540 --> 00:26.720 So every 90 days you will have to reissue a newer certificate. 00:27.210 --> 00:34.650 So I have created a new server and I have pointed my domain, which is labs internal dot com to this 00:34.650 --> 00:35.410 new server. 00:35.820 --> 00:37.200 So let's quickly do one thing. 00:37.200 --> 00:40.360 Let's install the build release package. 00:40.380 --> 00:43.020 Again, this is a Sendai's seven based OS. 00:45.740 --> 00:46.110 Great. 00:46.460 --> 00:50.840 So once Apple releases that, let's go ahead and install Ingenix. 00:53.800 --> 00:58.140 So once the engineers are installed, let's go ahead and start the engine service 01:01.540 --> 01:03.910 and once it started, let's quickly verify. 01:07.330 --> 01:09.780 Whoops, great. 01:09.790 --> 01:11.530 So the engine is running. 01:11.770 --> 01:19.870 So if you want to quickly verify, I'll do a call on LAVs Internet.com and you should see the default 01:19.870 --> 01:20.950 engine exposure. 01:21.400 --> 01:25.000 So in our case, we already have this step one. 01:25.330 --> 01:31.510 We already have done the step to the third step is the CSA, as well as getting the CEOs are saying 01:31.810 --> 01:37.240 now as far as the letters and group is concerned, you have an automated tool through which you can 01:37.240 --> 01:41.620 do step three, step forward and step five altogether. 01:42.040 --> 01:44.740 So let's go ahead and explore how we can do that. 01:45.250 --> 01:49.780 So now let's go ahead and install sort what happened, Ingenix? 01:52.270 --> 02:00.010 Great, so once this is done, you have to run the command third Haven Hafer engineers hyphen, followed 02:00.010 --> 02:02.500 by the domain, which is Labs Internet.com. 02:03.430 --> 02:05.970 Oops, let me just fix their typo here. 02:07.780 --> 02:09.890 So it is in the email address. 02:09.910 --> 02:14.680 Basically, this will help you get the notices related to renewal. 02:15.430 --> 02:20.710 Remember that since these are the three certificates, although it works perfectly well, but the amount 02:20.710 --> 02:23.280 of time for which it is issued is three months. 02:24.310 --> 02:25.900 So I'll put the email address. 02:26.080 --> 02:28.060 I'll agree the terms and conditions. 02:28.510 --> 02:31.810 So whether I want to share my email address, I'll say no. 02:33.160 --> 02:36.220 So do not fear that it is performing a challenge. 02:36.370 --> 02:38.360 We just discussed about this in a moment. 02:40.150 --> 02:46.350 So the next thing it is basically saying that whether you want to redirect or you do not want to redirect, 02:46.390 --> 02:49.600 so now it automatically did step three and step four. 02:49.780 --> 02:54.210 And in the step five, it is modifying the Web server configuration. 02:54.250 --> 02:55.850 So now you have two options. 02:55.870 --> 03:01.300 So the second option is that make all requests, redirect to the security sidepiece access. 03:01.660 --> 03:07.240 So that basically means that even if you have EDP, if someone logs in, it has to be, then he will 03:07.240 --> 03:10.390 automatically be redirected towards the EPA. 03:10.960 --> 03:20.330 So for the time being, I just see one which is node redirect and it says we are all done early. 03:20.740 --> 03:27.630 So now if you basically look into the Ingenix configuration, you're all right. 03:27.700 --> 03:32.080 So now I know it's not that this is a pretty important utility, at least for me. 03:32.920 --> 03:33.370 Great. 03:33.650 --> 03:35.590 Let's go back down. 03:39.820 --> 03:47.140 And now you see it has automatically added the SSN related configuration, so all of these things are 03:47.140 --> 03:51.390 added by the Third World, so we don't really have to modify anything. 03:51.730 --> 03:53.850 So earlier it did not happen. 03:53.860 --> 04:00.280 So after the certificate was issued, we had to manually add these lines, but currently it is doing 04:00.280 --> 04:00.940 automatically. 04:02.450 --> 04:06.790 So if I read and the next everything is working fine, just restart your engine. 04:06.790 --> 04:08.800 It's all right. 04:09.130 --> 04:19.870 So once this is, then you can verify that good HDB labs, internal dot com and you should be able to 04:19.870 --> 04:20.610 see the website. 04:20.950 --> 04:22.130 So even from the browser. 04:22.150 --> 04:23.170 Let's quickly verify. 04:25.570 --> 04:32.290 You see, you're getting a perfect green lockyear and it says that verified by let's encrypt now in 04:32.290 --> 04:32.620 here. 04:32.650 --> 04:40.180 It does not read the email verification because if you would go a bit up within here, it is basically 04:40.180 --> 04:41.630 making a challenging area. 04:41.650 --> 04:42.000 All right. 04:42.340 --> 04:50.110 So basically what you have to make sure that this server does not really restrict the inbound firewall 04:50.110 --> 04:54.330 because it verifies whether the domain actually belongs to you. 04:54.790 --> 05:01.240 So you have to make sure that if this is the server, then it is accessible and the firewall does not 05:01.240 --> 05:03.730 really block the inbound EDP traffic. 05:03.940 --> 05:09.200 Otherwise, your challenge verification will not fail and the certificate will not be issued. 05:09.460 --> 05:15.470 So for me, since labs internal dot com is basically pointing to this specific server, that challenge 05:15.610 --> 05:20.270 really works pretty well because I don't really have a firewall in between. 05:20.560 --> 05:23.260 So this is one important part that you should remember. 05:23.620 --> 05:31.150 So that's the high level overview about the let's encrypt now in case if you do not get the certificate 05:31.150 --> 05:36.850 from let's encrypt and you got a certificate from a different provider, then these are some of the 05:36.850 --> 05:38.800 configurations that you will have to put. 05:38.800 --> 05:44.950 Specifically, these three lines are the most important where you have the gene, that pin and you have 05:44.950 --> 05:46.130 the private keys. 05:46.510 --> 05:48.300 So this will conclude this with you. 05:48.400 --> 05:53.530 I will really encourage you to try this out, because let's encrypt something that you will be using 05:53.530 --> 05:56.230 throughout your time so that this will conclude this. 05:56.230 --> 05:56.490 We do. 05:56.500 --> 05:59.950 I hope this video has been informative and I look forward to seeing the next video.