Security Experts:

Let's Encrypt Enters Public Beta

Free and open certificate authority (CA) Let's Encrypt has entered public beta, making it even easier for websites to adopt the HTTPS encryption that the organization has been promoting since its inception.

Just months ago, Let’s Encrypt announced the availability of a private beta program, which required interested third-parties to request an invitation before being able to join the testing process. Effective Dec. 3, invitations are no longer required to obtain free certificates from the certificate authority, Josh Aas, ISRG Executive Director, noted in a blog post.

Let’s Encrypt announced that Facebook has become the CA’s newest Gold sponsor, a large vote of support that will help the CA gain momentum.

Proposed by the Electronic Frontier Foundation (EFF) and already backed by tech companies such as Mozilla, Cisco, Akamai, Automattic, the University of Michigan, IdenTrust, and the Linux Foundation (which also hosts the project), the Let's Encrypt initiative is aimed at encrypting websites to serve them to users’ browsers over Transport Layer Security (TLS). The goal is to ensure that data is safe from eavesdroppers, while also automating the process of obtaining security certificates.

In September, Let’s Encrypt announced the release of its first certificate, and the project received cross-signatures from IdenTrust in October, meaning that its certificates are trusted by all browsers. Last month, the CA automated the certificate installation process, courtesy of a set of scripts made available in open source and which represented the official Let's Encrypt certificate management ACME client tool.

According to Aas, Let’s Encrypt issued over 26,000 security certificates during the limited beta period. The large number of issued certificates also made it possible for the CA to test the manner in which its systems perform, thus making it possible to move to the public beta stage, he said.

He also explained that the CA will keep the beta tag for the time being, as it still needs to make a series of improvements, especially in on the client experience. The CA aims at automating the certificate issuance and management processes, and it will focus on ensuring that the client works smoothly and reliably on a wide range of platforms.

“It’s time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default. Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates,” Aas said. He also added the having Facebook as a Gold sponsor should help the initiative easier achieve its goals.

Over the past year, the Facebook has been actively involved in supporting and advancing encryption, and the Let’s Encrypt sponsorship is another example of this involvement. “Making it easier for websites to deploy HTTPS encryption is an important step in improving the security of the whole internet, and Facebook is proud to support this effort,” Alex Stamos, Chief Security Officer at Facebook, said.

view counter