Let’s Encrypt Initiative Enters Public Beta

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, a step that it claims will help make it easier for website owners to embrace HTTPS encryption.

The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption.

The latest step comes on the heels of the movement issuing its first certificate back in September and becoming an official Certificate Authority in October.

Now, anyone that runs a server and wants to deploy HTTPS on their site can run the beta client and get a certificate.

The movement really gained traction earlier this fall after root certificates it deployed began getting cross-signed by public key certificate authority Identrust. Now the certificates are trusted across all the major browsers.

The collaborative behind the initiative – the Electronic Frontier Foundation, Mozilla, The University of Michigan, Cisco, and Akamai – announced their plan last November to grant free HTTPS certificates to any site that needed one. Jacob Hoffman-Andrews, a Lead Developer on Let’s Encrypt with the Electronic Frontier Foundation acknowledged on Wednesday that until now obtaining and installing a certificate was an expensive and difficult process.

“Once someone has purchased a certificate, they need to install it on their website, a time consuming and error-prone process that requires significant technical skill, which is a cost in itself. Let’s Encrypt is not only free but also automated, in order to make HTTPS encryption more accessible than ever,” Hoffman-Andrews wrote in the EFF’s Deeplinks blog.

Hoffman-Andrews claims that as the term beta suggests, there’s still some work to do.

The group still hopes to make it easier for website owners by including options to help them automatically renew their certificates, and supply automatic configuration for servers like Nginx postfix, exim, or dovecot.

The group also wants to better educate users on other features to help them shore up their sites, including HSTS, upgrade-insecure-requests, and OCSP stapling.

 

Suggested articles

5G security artificial intelligence

AI, the Mandatory Element of 5G Mobile Security

The complexity and scale of the 5G ecosystem, combined with a lack of skills and training in software-centric security, will be important drivers for AI deployment in the carrier space.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.