Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Let’s Encrypt Enters Public Beta

Free and open certificate authority (CA) Let’s Encrypt has entered public beta, making it even easier for websites to adopt the HTTPS encryption that the organization has been promoting since its inception.

Free and open certificate authority (CA) Let’s Encrypt has entered public beta, making it even easier for websites to adopt the HTTPS encryption that the organization has been promoting since its inception.

Just months ago, Let’s Encrypt announced the availability of a private beta program, which required interested third-parties to request an invitation before being able to join the testing process. Effective Dec. 3, invitations are no longer required to obtain free certificates from the certificate authority, Josh Aas, ISRG Executive Director, noted in a blog post.

Let’s Encrypt announced that Facebook has become the CA’s newest Gold sponsor, a large vote of support that will help the CA gain momentum.

Proposed by the Electronic Frontier Foundation (EFF) and already backed by tech companies such as Mozilla, Cisco, Akamai, Automattic, the University of Michigan, IdenTrust, and the Linux Foundation (which also hosts the project), the Let’s Encrypt initiative is aimed at encrypting websites to serve them to users’ browsers over Transport Layer Security (TLS). The goal is to ensure that data is safe from eavesdroppers, while also automating the process of obtaining security certificates.

In September, Let’s Encrypt announced the release of its first certificate, and the project received cross-signatures from IdenTrust in October, meaning that its certificates are trusted by all browsers. Last month, the CA automated the certificate installation process, courtesy of a set of scripts made available in open source and which represented the official Let’s Encrypt certificate management ACME client tool.

According to Aas, Let’s Encrypt issued over 26,000 security certificates during the limited beta period. The large number of issued certificates also made it possible for the CA to test the manner in which its systems perform, thus making it possible to move to the public beta stage, he said.

He also explained that the CA will keep the beta tag for the time being, as it still needs to make a series of improvements, especially in on the client experience. The CA aims at automating the certificate issuance and management processes, and it will focus on ensuring that the client works smoothly and reliably on a wide range of platforms.

“It’s time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default. Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates,” Aas said. He also added the having Facebook as a Gold sponsor should help the initiative easier achieve its goals.

Advertisement. Scroll to continue reading.

Over the past year, the Facebook has been actively involved in supporting and advancing encryption, and the Let’s Encrypt sponsorship is another example of this involvement. “Making it easier for websites to deploy HTTPS encryption is an important step in improving the security of the whole internet, and Facebook is proud to support this effort,” Alex Stamos, Chief Security Officer at Facebook, said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet