Stories
Slash Boxes
Comments

SoylentNews is people

Let's Encrypt Authority X1 and Let's Encrypt Authority X2 Receive Cross-Signatures

posted by janrinok on Tuesday October 20 2015, @11:24PM   Printer-friendly
from the its-safe-to-say dept.

An Anonymous Coward writes:

Let's encrypt, the free SSL CA has achieved a significant milestone. From their press release:

We're pleased to announce that we've received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let's Encrypt certificates can enjoy a secure browsing experience with no special configuration required. Both Let's Encrypt intermediate certificates, Let's Encrypt Authority X1 and Let's Encrypt Authority X2, received cross-signatures. Web servers will need to be configured to serve the appropriate cross-signature certificate as part of the trust chain. The Let's Encrypt client will handle this automatically.

You can see an example of a server using a Let's Encrypt certificate under a new cross-signed intermedate here.

Vital personal and business information is flowing over the Internet more frequently than ever, and it's time to encrypt all of it. That's why we created Let's Encrypt, and we're excited to be one big step closer to bringing secure connections to every corner of the Web.

This is hopefully a good step in the direction of an encrypted web!

Original Submission

 
This discussion has been archived. No new comments can be posted.
Let's Encrypt Authority X1 and Let's Encrypt Authority X2 Receive Cross-Signatures | Log In/Create an Account | Top | 27 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by takyon on Wednesday October 21 2015, @01:52AM

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Wednesday October 21 2015, @01:52AM (#252566) Journal

    Because if they don't get it right, it won't work?

    The purpose is to set up a free certificate authority. Everyone can already use certificates if they pay up, but once Let's Encrypt is fully ready it removes a barrier to entry.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by fnj on Wednesday October 21 2015, @03:04AM

    by fnj (1654) on Wednesday October 21 2015, @03:04AM (#252583)

    Er, there are other free-as-in-beer certs. I have a few. The entire process of installation end-to-end is hell, and that is what I understand Let's Encrypt will fix.

    Anyway ... yeah, they gotta get it right. Does that mean they gotta dawdle? Is that written somewhere?

    • (Score: 0) by Anonymous Coward on Wednesday October 21 2015, @08:19AM

      by Anonymous Coward on Wednesday October 21 2015, @08:19AM (#252632)

      A couple months for a whole certificate CA getting blessed by the appropriate bureaucratic bodies seems pretty good to me, but I've had to deal with bureaucracy.

    • (Score: 2) by NCommander on Wednesday October 21 2015, @03:07PM

      by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Wednesday October 21 2015, @03:07PM (#252787) Homepage Journal

      All of them that I'm aware of are for single domains, and can't be used for commercial or business purposes. That's why we had to fork up for our SSL certificates. Furthermore, if you're referring to StartSSL, paying $20 dollars to get a certificate revoked and reissued (which was not waived in the face of Heartbleed) just becomes a submarine cost if you've got even 3-4 or them.

      --
      Still always moving