Stories
Slash Boxes
Comments

SoylentNews is people

"Let's Encrypt" gets a Launch Schedule

posted by martyb on Thursday June 18 2015, @09:55AM   Printer-friendly
from the ubcvat-gurl-qb-abg-hfr-EBG13 dept.

Anonymous Coward writes:

After much work in background and previous update covered here at soylentnews, the guys over at Let's Encrypt have finally given a launch schedule:

Let’s Encrypt has reached a point where we’re ready to announce our launch schedule.

  • First certificate: Week of July 27, 2015
  • General availability: Week of September 14, 2015

While this is a bit off from the original mid-2015 launch date, it's a great start towards encrypted web communications.

Original Submission

 
This discussion has been archived. No new comments can be posted.
"Let's Encrypt" gets a Launch Schedule | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by bryan on Thursday June 18 2015, @04:49PM

    by bryan (29) <bryan@pipedot.org> on Thursday June 18 2015, @04:49PM (#197883) Homepage Journal

    I still don't understand why they couldn't allocate certificates like every other CA. Their model apparently involves an always-running background daemon that constantly phones home and rewrites your webserver configuration file as it pleases.

    What was so wrong about generating a certificate signing request (CSR) on your server and then getting a simple certificate (CRT) from your CA? StartSSL [startssl.com] will give you a free certificate today without having to run a proprietary background process.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by No Respect on Thursday June 18 2015, @06:59PM

    by No Respect (991) on Thursday June 18 2015, @06:59PM (#197923)

    I'm unclear on this point as well. Get me a certificate I can put in a local store on a local machine and get out of the way, please. Run some background process forever for :reasons:? No thanks. I will decline for that reason alone.

  • (Score: 2) by tempest on Thursday June 18 2015, @07:10PM

    by tempest (3050) on Thursday June 18 2015, @07:10PM (#197931)

    You don't have to run a daemon to interact with ACME. Provided your certificate is still valid for the period, at any given time you can periodically do a refresh yourself. Personally I'm planning on using a shell script with wget to do it. I may possibly make a more sturdy perl script in the future, but that doesn't seem necessary as the spec is now (although probably not especially fault tolerant).

  • (Score: 2) by stormreaver on Thursday June 18 2015, @07:30PM

    by stormreaver (5101) on Thursday June 18 2015, @07:30PM (#197945)

    I still don't understand why they couldn't allocate certificates like every other CA.

    They can and will (your part can be manual, while LE's part is always automated).

    While Let's Encrypt is heavily promoting its automation, that's really a tiny, tiny part of what makes it exciting. By far, the HUGE win is having a conglomerate of influential names participate in issuing free certs. The biggest problem with encryption certificates isn't the installation or update process, but the cost of having a certificate that doesn't invoke the untrusted certificate warning in the browser.

    That's why I intend to be an early adopter. I plan to request my certificates on release day.

  • (Score: 2) by NCommander on Thursday June 18 2015, @11:17PM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Thursday June 18 2015, @11:17PM (#198026) Homepage Journal

    StartSSL certificates specifically prohibit use by commercial entities, and have other limitations on what their certificates can be used for. Else we would be using them here on SN.

    --
    Still always moving