Now all the main lists of root certificates trust Let's Encrypt
The news that ISRG Root X1, Let's Encrypt CA 's root certificate, has become a little imperceptible has become directly trusted by Microsoft products. Now direct trust exists on the part of all major trust root certificate lists, including Microsoft, Google, Apple, Mozilla, Oracle and Blackberry.
I think this should be glad. Although, let's face it, outwardly it was not noticeable in any way (we all could go over https to sites covered by LE certificates, so we can go), and, moreover, the benefits of the event will be when “Will arrive” and updated lists of trust root certificates will be used, the event is an important milestone on the way of recognizing this CA - and another counter-argument against purchasing certificates from CAs issuing DV-certificates for money.
Until now, trust to Let's Encrypt certificates was provided through an intermediate certificate, cross-signed with both the root certificate of Let's Encrypt and the root certificate of the IdenTrust organization. in software and systems that did not have information about Let's Encrypt root certificate.
')
Users of the services of Let's Encrypt service do not require any additional actions. It is recommended, however, to ensure that the ACME client (the software agent responsible for obtaining renewals of LE certificates used in systems, such as Certbot or acme.sh ), is regularly updated.
According to the information of the service, today, Let's Encrypt, a non-profit certification center (in turn, managed by ISRG, the public organization Internet Security Research Group), provides certificates to more than 115 million websites.
I think this should be glad. Although, let's face it, outwardly it was not noticeable in any way (we all could go over https to sites covered by LE certificates, so we can go), and, moreover, the benefits of the event will be when “Will arrive” and updated lists of trust root certificates will be used, the event is an important milestone on the way of recognizing this CA - and another counter-argument against purchasing certificates from CAs issuing DV-certificates for money.
Until now, trust to Let's Encrypt certificates was provided through an intermediate certificate, cross-signed with both the root certificate of Let's Encrypt and the root certificate of the IdenTrust organization. in software and systems that did not have information about Let's Encrypt root certificate.
')
Users of the services of Let's Encrypt service do not require any additional actions. It is recommended, however, to ensure that the ACME client (the software agent responsible for obtaining renewals of LE certificates used in systems, such as Certbot or acme.sh ), is regularly updated.
According to the information of the service, today, Let's Encrypt, a non-profit certification center (in turn, managed by ISRG, the public organization Internet Security Research Group), provides certificates to more than 115 million websites.
Source: https://habr.com/ru/post/419633/
All Articles