Let's Encrypt, the free SSL CA, has achieved a significant milestone. From their press release:
We're pleased to announce that we've received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let's Encrypt certificates can enjoy a secure browsing experience with no special configuration required. Both Let's Encrypt intermediate certificates, Let's Encrypt Authority X1 and Let's Encrypt Authority X2, received cross-signatures. Web servers will need to be configured to serve the appropriate cross-signature certificate as part of the trust chain. The Let's Encrypt client will handle this automatically.
You can see an example of a server using a Let's Encrypt certificate under a new cross-signed intermediate here.
Vital personal and business information is flowing over the Internet more frequently than ever, and it's time to encrypt all of it. That's why we created Let's Encrypt, and we're excited to be one big step closer to bringing secure connections to every corner of the Web.
This is hopefully a good step in the direction of an encrypted web!
(Score: 3, Informative) by ese002 on Tuesday October 20 2015, @11:33PM
From TFA:
You can see an example of a server using a Let’s Encrypt certificate under a new cross-signed intermediate here. [letsencrypt.org]
And the browser gives:
Secure Connection Failed
An error occurred during a connection to helloworld.letsencrypt.org. Invalid OCSP signing certificate in OCSP response. (Error code: sec_error_ocsp_invalid_signing_cert)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
(Score: 4, Informative) by Tramii on Tuesday October 20 2015, @11:42PM
What browser are you using? It looks fine for me on the latest Firefox, Chrome and Safari.
(Score: 2) by ese002 on Wednesday October 21 2015, @12:27AM
Firefox 31.6 ESR
Work machine so I mostly get what I get.
(Score: 3, Informative) by frojack on Wednesday October 21 2015, @12:43AM
Wait, you knew you were over 10 updates behind and you STILL posted that failure report?!!?
No, you are mistaken. I've always had this sig.
(Score: 2) by ese002 on Wednesday October 21 2015, @12:53AM
The last update was March 31st, 2015. Hardly a long time ago.
Who actually counts updates? I don't even do that on my Gentoo box which I actually own and administer, unlike this one which I don't.
(Score: 2) by frojack on Wednesday October 21 2015, @01:19AM
I don't count them either, I was just going by the version numbers, but they aren't always sequential.
But there has been a steady drumbeat of updates since March 31, and in browser years, that IS INDEED a long time ago.
Let's Encrypt is a new-ish project, first certificate July 25 2015.
No, you are mistaken. I've always had this sig.
(Score: 1) by KiloByte on Wednesday October 21 2015, @02:28AM
He's on an ESR release. Not everyone uses unstable snapshots.
Ceterum censeo systemd esse delendam.
(Score: 5, Informative) by vux984 on Wednesday October 21 2015, @12:56AM
Firefox 31.6 ESR
1) Firefox 31.0 ESR was released July 22 2014. The ESRs are maintained for about one year. The 31 ESR life cycle has ended and isn't being updated anymore; and you should have been migrated to the 38 ESR by now.
2) Firefox 31.6 ESR isn't even up to date *within* the 31 ESR cycle. The last release of Firefox 31 was 31.8.
The Firefox 38 ESR was released a while ago (we're already on 38.3), and the ESR overlap with the 31 ESR series has ended.
Worse, the final release of 31 ESR was 31.8 (July 2, 2015); and you are on 31.6 (March 31, 2015).
So... you are running an out of date version of a discontinued ESR release.
(Score: 2) by frojack on Wednesday October 21 2015, @01:21AM
For regular releases (not ESR) the current is 41.0.2, updated mere moments ago.
No, you are mistaken. I've always had this sig.
(Score: 2) by frojack on Wednesday October 21 2015, @12:35AM
Even works on Konqueror.
No, you are mistaken. I've always had this sig.
(Score: 2) by fnj on Wednesday October 21 2015, @01:27AM
Correct (Konqueror 4.14.12 linux). Also works in Opera 32.0 linux. Does not work in Pale Moon 25.6.0 linux. Seamonkey won't even start today to find out.
(Score: 2, Informative) by xorsyst on Wednesday October 21 2015, @02:15PM
I get the same on Palemoon 25.7.3 (x64), which it tells me is the latest version.
(Score: 0) by Anonymous Coward on Thursday October 22 2015, @05:14PM
lmao! freakin' pale moon!