Slashdot Mirror

← Back to Stories (view on slashdot.org)

Let's Encrypt Is Now Officially Trusted by All Major Root Certificates (bleepingcomputer.com)

Posted by msmash on from the marching-forward dept.

Let's Encrypt has announced that it is now directly trusted by all major root certificates including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Let's Encrypt is now directly trusted by all major browsers and operating systems. From a report: While Let's Encrypt has already been trusted by almost all browsers, it was done so through intermediate certificate that were cross-signed by IdenTrust. As IdenTrust was directly trusted by all major browser vendors and operating systems, it also allowed Let's Encrypt to be trusted as well. With Let's Encrypt now being directly trusted, if there is ever a problem with IdenTrust and they themselves become untrusted, Let's Encrypt users will still be able to function properly.

6 of 92 comments (clear)

  1. What by Anonymous Coward · · Score: 5, Insightful

    Trusted by root certificates? That is not how root certificates work. Bad article and bad headline for a tech site

  2. Re:Gee by Anonymous Coward · · Score: 5, Insightful

    Automate.

    Certs updates should be automated anyhow, can't count how many times I've seen corporate sites have certs expire because some one couldn't or didn't update the cert because it was a manual process...

  3. Re:Let's Encrypt issues more than half of all cert by Anonymous Coward · · Score: 2, Insightful

    Let's Encrypt has become a single point of failure for the majority of web sites

    I generally think of "single point of failure" as one thing breaks and it immediately takes everything else down with it. With certificates, you should be renewing them 30 days before they expire. If Let's Encrypt suddenly ceased to exist, you would have 30 days notice that they are gone, and thus 30 days to switch to a different certificate provider and continue on with zero downtime. That's not my definition of single-point-of-failure. So it's really only a single point of failure for websites whose admins can't be bothered to monitor their processes, and can't be bothered to read tech-related websites and blogs (as something like that would be posted about everywhere).

  4. MOD PARENT UP by CheeseyDJ · · Score: 3, Insightful

    Came here to say the same thing. The headline makes no sense whatsoever.

  5. Re:Gee by thegarbz · · Score: 2, Insightful

    If you can't figure out how to set cron to execute a command every 3 months then you really shouldn't be even remotely in charge of something as important as the encryption on your server.

  6. Re:Gee by pnutjam · · Score: 3, Insightful

    Anathema to a free web? By insuring I'm talking to the site I tried to talk to and preventing eavesdropping?

    --
    Cheap storage VM.