Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security The Internet

Let's Encrypt Is Now Officially Trusted by All Major Root Certificates (bleepingcomputer.com) 92

Let's Encrypt has announced that it is now directly trusted by all major root certificates including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Let's Encrypt is now directly trusted by all major browsers and operating systems. From a report: While Let's Encrypt has already been trusted by almost all browsers, it was done so through intermediate certificate that were cross-signed by IdenTrust. As IdenTrust was directly trusted by all major browser vendors and operating systems, it also allowed Let's Encrypt to be trusted as well. With Let's Encrypt now being directly trusted, if there is ever a problem with IdenTrust and they themselves become untrusted, Let's Encrypt users will still be able to function properly.
This discussion has been archived. No new comments can be posted.

Let's Encrypt Is Now Officially Trusted by All Major Root Certificates

Comments Filter:
  • What (Score:5, Insightful)

    by Anonymous Coward on Tuesday August 07, 2018 @09:05AM (#57084864)

    Trusted by root certificates? That is not how root certificates work. Bad article and bad headline for a tech site

    • MOD PARENT UP (Score:3, Insightful)

      by CheeseyDJ ( 800272 )
      Came here to say the same thing. The headline makes no sense whatsoever.
    • Re:What (Score:5, Informative)

      by LordKronos ( 470910 ) on Tuesday August 07, 2018 @10:34AM (#57085452)

      Wow...and on top of that, you've been moderated to -1 Troll for correctly pointing it out. For any clueless moderator who might be included to give you a -1 mod:

      Let's Encrypt is not "trusted by" root certificates***. It's more correct to say that the Let's Encrypt root certificate is now a trusted root certificate in the certificate store of all major browsers.

      *** I guess technically they are also trusted by a root certificate. Let's Encrypt's intermediate certificate is also cross-signed by CACert, which is how older browsers (versions before the root certificate was included) were previously able to trust Let's Encrypt certificates. However, that's nearly 3 year old news, and although an articles about 3 year old news is not unheard of on slashdot, that's not what this particular article is about.

      • It's more correct to say that the Let's Encrypt root certificate is now a trusted root certificate in the certificate store of all major browsers.

        Yeah, I'm guessing whoever wrote the summary mis-paraphrased the press release on Let's Encrypt's website [letsencrypt.org], which says that it is now "trusted by all major root programs" (i.e., those by Mozilla, Microsoft, Apple, etc., where it is decided which root certificates are distributed with their products). It could almost be a slip of the "tongue" since "root certificate" is a much more common phrase, but then they kept saying it...

  • by Jaegs ( 645749 ) on Tuesday August 07, 2018 @09:11AM (#57084890) Homepage Journal

    Microsoft? Check.
    Google? Check.
    Apple? Check.
    Mozilla? Check.
    Oracle? Check.
    Blackberry? Che... wait, what?

    • by Anonymous Coward

      Netcraft confirms it, this list is dead.

  • by Anonymous Coward

    Let's Encrypt is a really good setup for people who want to learn how to automate their system. While free and easy to set up (it took me about an hour to get https on my websites with it), the certificates only last 90 days, with the justification being that people should learn how to automate things.

    Since I have multiple redundant nodes which I rsync to, I had to use the --manual-auth-hook option to certbot-auto to push the challenge-response tokens Let's Encrypt uses to authenticate website. I also use A [ansible.com]

    • To be fair, LE's automation installation is automated... and you don't even have to learn much to use it.
      • by Anonymous Coward

        It's only simple if 1) You run the certbot on the actual web server and 2) Your nginx (or Apache) setup is bog-standard.

        I had to do things manually because nginx is in /usr/local/nginx on my nodes, and because I run certbot-auto on my local machine, then push the generated certs to the machines actually serving web pages.

        Ansible looks good on my resume, so it was a net positive for me.

  • From the official announcement: "While Let’s Encrypt is now directly trusted by almost all newer versions of operating systems, browsers, and devices, there are still many older versions in the world that do not directly trust Let’s Encrypt. Some of those older systems will eventually be updated to trust Let’s Encrypt directly. Some will not, and we’ll need to wait for the vast majority of those to cycle out of the Web ecosystem. We expect this will take at least five more years, so
  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Tuesday August 07, 2018 @10:26AM (#57085388)
    Comment removed based on user account deletion
  • the PRISM list.
  • These guys did something right and I applaud them. Much better than managing your own certificates and getting your users to accept them.

This is clearly another case of too many mad scientists, and not enough hunchbacks.

Working...