{"id":78683,"date":"2015-12-07T20:18:07","date_gmt":"2015-12-08T01:18:07","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-17T18:48:26","modified_gmt":"2021-08-17T22:48:26","slug":"lets-encrypt-lives","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/lets-encrypt-lives\/","title":{"rendered":"Let’s Encrypt Lives"},"content":{"rendered":"

\"Let's<\/a>Let’s Encrypt<\/a><\/strong>, an initiative to set up a free certificate authority<\/strong> (CA<\/a>) on the Intertubes has entered its public beta phase. All major browser makers including Google Chrome<\/a>, Mozilla Firefox<\/a>, and Microsoft Internet Explorer<\/a> trust Let’s Encrypt certificates. In their announcement<\/a> Josh Aas, the executive director of California based\u00a0Internet Security Research Group<\/a> (ISRG), which runs the Let’s Encrypt service, wrote:<\/p>\n

We’re happy to announce that Let’s Encrypt has entered Public Beta. Invitations are no longer needed in order to get free certificates from Let’s Encrypt … We want to see HTTPS<\/a> become the default. Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates.<\/em><\/p>\n

Encryption to protect communications<\/h3>\n

\"Lets<\/a>Let’s Encrypt<\/a> is overseen by folks from Mozilla, Akamai<\/a> (AKAM<\/a>), Cisco<\/a> (CSCO<\/a>), Stanford Law School<\/a>, CoreOS<\/a>, the EFF<\/a>, and others<\/a>. Let’s Encrypt was first announced in 2014, (rb-<\/strong> Which I covered here<\/a><\/em>). motivated by a desire to steer organizations towards the use of encryption to protect their communications<\/strong>. A key part of the strategy is offering free digital certificates, which is a radical departure from the very hefty<\/a> premiums<\/a> that certificate authorities typically charge.
\n<\/em><\/p>\n

The Register<\/a><\/em> reports<\/a> that the free cert is no freebie weakling. Lets Encrypt uses a 2048-bit<\/strong> RSA TLS 1.2 certificate with a SHA-256 signature installed and the server configured to use it. The cert gets an A from Qualys SSL Labs<\/a>.<\/p>\n

Let’s Encrypt to offer free SSL\/TLS certs<\/h3>\n

\"Secure<\/a>Let’s Encrypt plans to distribute free SSL\/TLS<\/strong> (Secure Socket Layer\/Transport Layer Security) certificates, which encrypt data passed between a website and users. The use of SSL\/TLS is signified in most browsers by “HTTPS<\/strong>” and a padlock appearing in the URL bar. Unencrypted web traffic poses a security risk<\/strong>. For example, an attacker could collect the web traffic of someone using a public Wi-Fi hotspot<\/a>, potentially revealing sensitive data.<\/p>\n

Besides securing your information going across the Internet from spies and thieves, FierceSecurityIT<\/em><\/a> says another key aspect of Let’s Encrypt is to make it easy to generate and install new digital certificates. The Let’s Encrypt CA uses an open source “automated issuance and renewal protocol<\/strong>” that allows for certificates to be renewed without manual intervention.<\/p>\n

\"automated<\/a>The\u00a0automated issuance and renewal protocol prevents oversights resulting in certificates for live websites expiring, a situation that does happen from time to time. FierceSecurityIT <\/em>says that short-term certificates also offer better security<\/strong> by reducing exposure in the event that the private keys are stolen.<\/p>\n

rb-<\/em><\/strong><\/p>\n

Major technology companies including Google<\/a>, Yahoo<\/a> and Facebook<\/a> have made a strong push for broader use of encryption in light of government surveillance programs and burgeoning cyber-crime.<\/em><\/p>\n

The point of Let’s Encrypt is that anyone who owns a domain name can use Let\u2019s Encrypt to get a trusted certificate at no cost. This will help\u00a0HTTPS become the default. This is a\u00a0big step forward in terms of security and privacy.<\/em><\/p>\n

Instructions for getting a certificate with the Let\u2019s Encrypt client<\/a> can be found here<\/a>.<\/em><\/p>\n

Related articles<\/h6>\n