The news benefits newer operating systems, devices, and browsers
Let’s Encrypt is now trusted by all major root programs, paving the way for more widespread encryption on the Web.
This week, the certificate authority (CA) said it is now directly trusted by all major root programs, including those of Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.
Let’s Encrypt is on a mission to bring encryption to webmasters worldwide. The service, run by the Internet Security Research Group (ISRG), offers free SSL and TLS certificates in order to “create a more secure and privacy-respecting Web.”
Now, all major root programs and browsers will accept Let’s Encrypt certificates as legitimate.
Let’s Encrypt certificates have been widely accepted and trusted since 2015 due to a partnership with IdenTrust, another certificate authority. While Let’s Encrypt was becoming established, IdenTrust provided the cross-signature bridge required to spread the CA’s mission.
Because IdenTrust vouched for Let’s Encrypt, any system that trusted IdenTrust also trusted Let’s Encrypt by proxy.
However, there is always a risk when CAs piggyback through established chains of trust. It can take one failure or business spat, such as in the case of Symantec certificates being revoked after partner Trustico reportedly claimed these certificates were “compromised,” for websites worldwide to go into meltdown.
While no such scandals have impacted IdenTrust, securing your own trust with major vendors is the preferred route.
Towards Directly Trusted Everywhere
The Let’s Encrypt root, ISRG Root X1, is now directly trusted, which removes the need to rely on IdenTrust.
Let’s Encrypt commented in the release: “Today’s announcement that we’re trusted by all major root programs represents a major milestone for us, but it’s not the conclusion of our journey towards being directly trusted everywhere.”
This news benefits newer operating systems, devices, and browsers, but the CA has warned that older systems will not necessarily trust Let’s Encrypt directly.
Removing these older systems from the Web is expected to take up to five years, and so until then, Let’s Encrypt will also maintain a cross-signature.
Webmasters do not have to do anything and certificates will continue to operate as normal.
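To see which side of that split a given client falls on, the following added example (not code from Let’s Encrypt or from this article) classifies a trust store by whether it can anchor a Let’s Encrypt chain directly at ISRG Root X1 or only through the IdenTrust cross-signature. The root name "DST Root CA X3" for IdenTrust is an assumption not stated in the article, and the sample stores are constructed.

```python
import ssl

ISRG_ROOT = "ISRG Root X1"    # root name given in the article
# Assumption: IdenTrust's cross-signing root is named "DST Root CA X3";
# the article does not name it, so it is a parameter below.
CROSS_ROOT = "DST Root CA X3"


def common_names(ca_certs):
    """Collect subject commonName values from ssl get_ca_certs()-style dicts."""
    names = set()
    for cert in ca_certs:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.add(value)
    return names


def letsencrypt_trust(ca_certs, cross_root=CROSS_ROOT):
    """Classify how a trust store can anchor a Let's Encrypt chain.

    Matching is by subject name only; a production audit should also
    compare the certificate against the copy the CA publishes.
    """
    names = common_names(ca_certs)
    if ISRG_ROOT in names:
        return "direct"             # newer systems: no cross-signature needed
    if cross_root in names:
        return "cross-signed only"  # older systems: rely on the IdenTrust bridge
    return "untrusted"


def _root(cn, org):
    """Build a self-signed root entry in the get_ca_certs() dict shape."""
    name = ((("organizationName", org),), (("commonName", cn),))
    return {"subject": name, "issuer": name}


# Constructed sample trust stores (not real certificate data).
NEW_STORE = [_root(ISRG_ROOT, "Internet Security Research Group"),
             _root(CROSS_ROOT, "Digital Signature Trust Co.")]
OLD_STORE = [_root(CROSS_ROOT, "Digital Signature Trust Co.")]
BARE_STORE = [_root("Example Root CA", "Example Org")]

if __name__ == "__main__":
    # Roots kept in a capath directory are listed only after first use,
    # so an "untrusted" result here should be confirmed by other means.
    store = ssl.create_default_context().get_ca_certs()
    print("this host:", letsencrypt_trust(store))
```

Run as a script, it reports the result for the host's default trust store.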
In March, the certificate provider implemented live wildcard certificate support. The Let’s Encrypt wildcard certificates act in the same manner as traditional TLS certificates but can also be used to secure domains and subdomains, which ramps up deployment speed for webmasters.