Let's encrypt, the free SSL CA has achieved a significant milestone. From their press release:
We're pleased to announce that we've received cross-signatures from IdenTrust, which means that our certificates are now trusted by all major browsers. This is a significant milestone since it means that visitors to websites using Let's Encrypt certificates can enjoy a secure browsing experience with no special configuration required. Both Let's Encrypt intermediate certificates, Let's Encrypt Authority X1 and Let's Encrypt Authority X2, received cross-signatures. Web servers will need to be configured to serve the appropriate cross-signature certificate as part of the trust chain. The Let's Encrypt client will handle this automatically.
You can see an example of a server using a Let's Encrypt certificate under a new cross-signed intermedate here.
Vital personal and business information is flowing over the Internet more frequently than ever, and it's time to encrypt all of it. That's why we created Let's Encrypt, and we're excited to be one big step closer to bringing secure connections to every corner of the Web.
This is hopefully a good step in the direction of an encrypted web!
(Score: 2) by takyon on Wednesday October 21 2015, @01:52AM
Because if they don't get it right, it won't work?
The purpose is to set up a free certificate authority. Everyone can already use certificates if they pay up, but once Let's Encrypt is fully ready it removes a barrier to entry.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by fnj on Wednesday October 21 2015, @03:04AM
Er, there are other free-as-in-beer certs. I have a few. The entire process of installation end-to-end is hell, and that is what I understand Let's Encrypt will fix.
Anyway ... yeah, they gotta get it right. Does that mean they gotta dawdle? Is that written somewhere?
(Score: 0) by Anonymous Coward on Wednesday October 21 2015, @08:19AM
A couple months for a whole certificate CA getting blessed by the appropriate bureaucratic bodies seems pretty good to me, but I've had to deal with bureaucracy.
(Score: 2) by NCommander on Wednesday October 21 2015, @03:07PM
All of them that I'm aware of are for single domains, and can't be used for commercial or business purposes. That's why we had to fork up for our SSL certificates. Furthermore, if you're referring to StartSSL, paying $20 dollars to get a certificate revoked and reissued (which was not waived in the face of Heartbleed) just becomes a submarine cost if you've got even 3-4 or them.
Still always moving