The promise of free TLS certificates came a step closer to reality earlier in September, when Let’s Encrypt issued its first certificate and applied to the root programs for Mozilla, Google, Microsoft, and Apple according to the Let’s Encrypt Blog. I have installed their root certificate in my browser already – it is easy and we do an exercise installing a root cert in a browser in Learning Tree’s System and Network Security Introduction.
In case you missed my earlier post on Let’s Encrypt back in January, the idea is that they’ll issue no-cost certificates for encrypting web sites.
Let’s Encrypt is part of the Internet Security Research Group, a project of the Linux Foundation. As I write this the ISRG board includes members from Mozilla, Akamai, Cisco and others.
Here is a video showing how simple Let’s Encrypt will be to use. It looks incredibly simple. I can attest to the difficulty of requesting and installing a certificate manually: I’ve done it multiple times. Getting everything right can be difficult.
I’m working on sites for some clients and I look forward to installing Let’s Encrypt certs for these clients. I’ll do it for my own sites and email, too. The idea of free certificates is a great one and the idea of securing web sites with them is even better. Now, of course, these are designed for securing sites so the data transmitted to and from them – they don’t come with the financial warranties more expensive certificates do. They also do not have the same trust level the commercial certificates do – those certs are designed to prove ownership of the domain while the ones from Let’s Encrypt are focused on ensuring encrypted communication. They do have a basic IP-domain validation scheme as noted in the video, but the commercial CAs use a far more rigorous scheme.
The Let’s Encrypt certs are not for everyone and they aren’t intended to be so. They are designed so that those without the need of expensive certificates that help ensure trust can have certs that are trusted by browsers and enable encrypted communication.
Please read through the Let’s Encrypt site and let us know what you think in the comments below.
To your safe computing,