From Zero to Hero, Deploying HTTPS the quick and easy way

With the increasing requirement to secure communications online, we’re going to look at how to quickly and easily get started with HTTPS. Taking a website from HTTP to HTTPS, including obtaining a certificate and TLS configuration, all within an hour! On top of our deployment of HTTPS we’ll look at modern application defences that can assist us in providing a secure browsing experience to our users. Content Security Policy, Upgrade Insecure Requests and HTTP Strict Transport Security are all features that modern applications should leverage so we’ll be setting those up too. The and security analysers are canonical resources for their respective areas and we’re going to achieve an A+ grade on both of them.

Resources mentioned in this session:



SSL Labs:

Security Headers:

Let's Encrypt:

ACME Tools/Clients

ACME Tiny:


Mozilla Config Generator:

Crawler data:

Support checker:

Certificate Transparency

Intro post:



Scott Helme

Hacker, researcher, builder of things. Founded and, Pluralsight author, BBC hacker in residence, award winning entrepreneur. Find me at

Find Scott on twitter


The MyDevSecOps community is powered by Snyk Ltd. Our aim is to create a vendor-neutral space to share knowledge and best practices related to software security.

  • White Twitter Icon
  • White YouTube Icon