Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday December 03 2015, @09:33PM   Printer-friendly
from the start-the-source-review-in-3....2....1..... dept.

EFF's "Let's Encrypt" Enters Public Beta

As of today, invitations are no longer needed to get a free certificated signed by the EFF's Let's Encrypt CA.

The user guide explains several options for the process, ranging from automatically setting up SSL for Apache or Nginx (support for Nginx is still experimental), to a manual process for those who would rather not run the installer as root.

Let's Encrypt CA issues short lived certificates (90 days), which shouldn't be a problem with a sufficiently automated renewal process. It looks like wildcard certificates won't be issued anytime soon (if at all), but you can get certificates that are good for multiple subdomains.

"Let's Encrypt" Project Enters Public Beta

The Electronic Frontier Foundation and Mozilla-backed Let's Encrypt certificate authority has now entered Public Beta:

So if you run a server, and need certificates to deploy HTTPS, you can run the beta client and get one right now. If you have any questions, you can get answers on community.letsencrypt.org.

We've still got a lot to do. This launch is a Public Beta to indicate that, as much as today's release makes setting up HTTPS easier, we still want to make a lot more improvements towards our ideal of fully automated server setup and renewal. Our roadmap includes may features including options for complete automation of certificate renewal, support for automatic configuration of more kinds of servers (such as Nginx, postfix, exim, or dovecot), and tools to help guide users through the configuration of important Web security features such as HSTS, upgrade-insecure-requests, and OCSP Stapling. And of course, if you have some Python coding knowledge, you can come and help us reach those objectives.

A fully encrypted Web is within reach. Let's Encrypt is going to help us get there.

The Register reports:

The certification-issuing service is run by the California-based Internet Security Research Group (ISRG), and is in public beta after running a trial among a select group of volunteers. The public beta went live at 1800 GMT (1000 PT) today.

Its certificates are trusted by all major browsers – Google Chrome, Mozilla Firefox and Microsoft's Internet Explorer worked in our office with fresh certs from the fledgling certificate authority.

Incredibly, it is almost too easy to use. You download an open-source client to your web server, and then one command will request and install a certificate, and configure your system to use it. And that's it.

[...] Full documentation is here and a quick start guide is here.


Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Pino P on Friday December 04 2015, @01:28AM

    by Pino P (4721) on Friday December 04 2015, @01:28AM (#271650) Journal

    Browsers warn about unknown CAs but not about clear HTTP because their architects prefer a true sense of insecurity to a false sense of security.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Friday December 04 2015, @08:28AM

    by Anonymous Coward on Friday December 04 2015, @08:28AM (#271723)

    You can do https without showing the padlock. You can put a line across the word "https" like Chrome. And Firefox, which by default doesn't even show the protocol anymore could simply treat self-signed https exactly like it treats plain http.

    But of course that would not do anything to encourage corporate greed.