Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Wednesday August 08 2018, @03:52PM   Printer-friendly
from the automated-trust dept.

Submitted via IRC for SoyCow1984

Let's Encrypt announced yesterday that they are now directly trusted by all major root certificate programs including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry. With this announcement, Let's Encrypt is now directly trusted by all major browsers and operating systems.

Source: https://www.bleepingcomputer.com/news/security/lets-encrypt-is-now-officially-trusted-by-all-major-root-certificates/

 

https://www.securityweek.com/lets-encrypt-now-trusted-all-major-root-programs:

[...] At the end of July 2018, Let's Encrypt received direct trust from Microsoft products, which resulted in it being trusted by all major root programs. The CA's certificates are cross-signed by IdenTrust, and have been widely trusted since the beginning.

"Browsers and operating systems have not, by default, directly trusted Let's Encrypt certificates, but they trust IdenTrust, and IdenTrust trusts us, so we are trusted indirectly. IdenTrust is a critical partner in our effort to secure the Web, as they have allowed us to provide widely trusted certificates from day one," noted Josh Aas, Executive Director of ISRG.

[...] While some of these [older operating systems, browsers, and devices] are expected to be updated to trust the CA, others won't, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let's Encrypt will continue to use a cross signature [from IdenTrust].


Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by takyon on Wednesday August 08 2018, @06:58PM (2 children)

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Wednesday August 08 2018, @06:58PM (#718922) Journal

    Shouldn't certificates/encryption be automatically handled (and enabled by default) by Joe Bloggs' blog software? Especially given that Google is penalizing non-HTTPS sites in its search engine or refusing to connect to them at all in its browser?

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by edIII on Wednesday August 08 2018, @09:46PM

    by edIII (791) on Wednesday August 08 2018, @09:46PM (#719040)

    ^this^

    It has become trivially easy with CPanel, Webmin, etc. to install SSL certificates from LE. Although I wouldn't touch Wordpress with a 10-ft pole, I'm sure there is a plugin on two to handle LE for it as well. Almost every major hosting package out there probably supports it.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 0) by Anonymous Coward on Wednesday August 08 2018, @11:57PM

    by Anonymous Coward on Wednesday August 08 2018, @11:57PM (#719122)

    Brian Lunduke has the same take - why encrypt if you don't have to:
    https://www.youtube.com/watch?v=ZmlQoeEycPc [youtube.com] and
    https://www.youtube.com/watch?v=wNPvIk3jQ-M [youtube.com]
    It just adds complexity and is an overhead.

    Has anyone got a step-by-step guide on obtaining a cert and setting it up on your website - for cPanel as well as fully manual - believe it or not not everyone has cPanel granted to them.