Slashdot Mirror

← Back to Stories (view on slashdot.org)

Let's Encrypt Is Now Officially Trusted by All Major Root Certificates (bleepingcomputer.com)

Posted by msmash on from the marching-forward dept.

Let's Encrypt has announced that it is now directly trusted by all major root certificates including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Let's Encrypt is now directly trusted by all major browsers and operating systems. From a report: While Let's Encrypt has already been trusted by almost all browsers, it was done so through intermediate certificate that were cross-signed by IdenTrust. As IdenTrust was directly trusted by all major browser vendors and operating systems, it also allowed Let's Encrypt to be trusted as well. With Let's Encrypt now being directly trusted, if there is ever a problem with IdenTrust and they themselves become untrusted, Let's Encrypt users will still be able to function properly.

8 of 92 comments (clear)

  1. What by Anonymous Coward · · Score: 5, Insightful

    Trusted by root certificates? That is not how root certificates work. Bad article and bad headline for a tech site

    1. Re:What by LordKronos · · Score: 4, Informative

      Wow...and on top of that, you've been moderated to -1 Troll for correctly pointing it out. For any clueless moderator who might be included to give you a -1 mod:

      Let's Encrypt is not "trusted by" root certificates***. It's more correct to say that the Let's Encrypt root certificate is now a trusted root certificate in the certificate store of all major browsers.

      *** I guess technically they are also trusted by a root certificate. Let's Encrypt's intermediate certificate is also cross-signed by CACert, which is how older browsers (versions before the root certificate was included) were previously able to trust Let's Encrypt certificates. However, that's nearly 3 year old news, and although an articles about 3 year old news is not unheard of on slashdot, that's not what this particular article is about.

  2. Re:Gee by Anonymous Coward · · Score: 5, Insightful

    Automate.

    Certs updates should be automated anyhow, can't count how many times I've seen corporate sites have certs expire because some one couldn't or didn't update the cert because it was a manual process...

  3. one of these things is not like the other... by Jaegs · · Score: 4, Funny

    Microsoft? Check.
    Google? Check.
    Apple? Check.
    Mozilla? Check.
    Oracle? Check.
    Blackberry? Che... wait, what?

  4. Re:Gee by Wycliffe · · Score: 4, Informative

    The relatively short length is intentional: https://letsencrypt.org/2015/1...
    It's long enough so that you *can* manually update but short enough that it's a hassle to encourage people to automate.

  5. MOD PARENT UP by CheeseyDJ · · Score: 3, Insightful

    Came here to say the same thing. The headline makes no sense whatsoever.

  6. For those who do not know by houghi · · Score: 4, Informative

    Letâ(TM)s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

    So if you need an SSL certificate for cheap, you can go to them. https://letsencrypt.org/

    --
    Don't fight for your country, if your country does not fight for you.
  7. Re:Gee by pnutjam · · Score: 3, Insightful

    Anathema to a free web? By insuring I'm talking to the site I tried to talk to and preventing eavesdropping?

    --
    Cheap storage VM.