Let’s Encrypt is a Certification Authority that enables HTTPS on your website. Initially, major browsers and root certificate programs were, however, apprehensive of trusting this CA. The page has now turned for Let’s Encrypt, who, in their announcement yesterday stated that they are now directly trusted by major root programs like Microsoft, Google, Apple, Mozilla, Oracle and Blackberry.
Knowing that these big names are now associated with Let’s Encrypt’s SSL Certificate, end users are in for a host of advantages. They can obtain a trusted certificate from Let’s Encrypt for zero cost. Not only can software running on web server obtain a certificate, but also be securely configured for use and automatically renew the certificate as and when needed. This certification authority also ensures that TLS security is taken seriously. They aim to benefit the community by maintaining transparency in issuing and revoking certificates- which will be publicly recorded for inspection. This will be published as an open standard for others to adopt.
Initially, they started off with the trust base of many browsers excluding the major root programs. The main reason for this being that it was a very new certificate authority launched in early April 2016. To overcome this roadblock, their intermediate “Let’s Encrypt Authority X3” is signed by ISRG Root X1. The intermediate now stands cross-signed by another certificate authority- ‘IdenTrust’. IdenTrust has always been a major name whose root is already trusted in all major browsers. Thus, this indirect circle of trust has been a game changer for Let’s Encrypt.
There are still many older versions operating systems, browsers, and devices that do not directly trust Let’s Encrypt. Some of these will eventually be updated to trust them directly. Some will not. And until they move out of the trust and security scene, they plan to use a cross signature. By currently providing certificates for more than 115 million websites, Let’s Encrypt is definitely making its presence felt!
Head over to the official site of Let’s Encrypt for more insights on this new announcement. You can also check out Black Hill’s post for information on why Let’s Encrypt is making rounds on the internet these days.