Let's Encrypt Now Trusted by All Major Root Programs
8.8.18 securityweek Safety
Let’s Encrypt root, ISRG Root X1, is now trusted by all major root programs, including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.
Let’s Encrypt is a free, automated, and open Certificate Authority (CA) backed by the Linux Foundation that provides website owners with free digital certificates for their sites and handles the certificate management process for them.
Launched by the Internet Security Research Group (ISRG) as an effort to drive HTTPS adoption, the initiative was launched publicly in December 2015 and came out of beta in April 2016.
At the end of July 18, Let’s Encrypt received direct trust from Microsoft products, which resulted in it being trusted by all major root programs. The CA’s certificates are cross-signed by IdenTrust, and have been widely trusted since the beginning.
“Browsers and operating systems have not, by default, directly trusted Let’s Encrypt certificates, but they trust IdenTrust, and IdenTrust trusts us, so we are trusted indirectly. IdenTrust is a critical partner in our effort to secure the Web, as they have allowed us to provide widely trusted certificates from day one,” noted Josh Aas, Executive Director of ISRG.
Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.
While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.
“Let’s Encrypt is currently providing certificates for more than 115 million websites. We look forward to being able to serve even more websites as efforts like this make deploying HTTPS with Let’s Encrypt even easier,” Aas concludes.