Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Let’s Encrypt Enters Public Beta

Free and open certificate authority (CA) Let’s Encrypt has entered public beta, making it even easier for websites to adopt the HTTPS encryption that the organization has been promoting since its inception.

Free and open certificate authority (CA) Let’s Encrypt has entered public beta, making it even easier for websites to adopt the HTTPS encryption that the organization has been promoting since its inception.

Just months ago, Let’s Encrypt announced the availability of a private beta program, which required interested third-parties to request an invitation before being able to join the testing process. Effective Dec. 3, invitations are no longer required to obtain free certificates from the certificate authority, Josh Aas, ISRG Executive Director, noted in a blog post.

Let’s Encrypt announced that Facebook has become the CA’s newest Gold sponsor, a large vote of support that will help the CA gain momentum.

Proposed by the Electronic Frontier Foundation (EFF) and already backed by tech companies such as Mozilla, Cisco, Akamai, Automattic, the University of Michigan, IdenTrust, and the Linux Foundation (which also hosts the project), the Let’s Encrypt initiative is aimed at encrypting websites to serve them to users’ browsers over Transport Layer Security (TLS). The goal is to ensure that data is safe from eavesdroppers, while also automating the process of obtaining security certificates.

In September, Let’s Encrypt announced the release of its first certificate, and the project received cross-signatures from IdenTrust in October, meaning that its certificates are trusted by all browsers. Last month, the CA automated the certificate installation process, courtesy of a set of scripts made available in open source and which represented the official Let’s Encrypt certificate management ACME client tool.

According to Aas, Let’s Encrypt issued over 26,000 security certificates during the limited beta period. The large number of issued certificates also made it possible for the CA to test the manner in which its systems perform, thus making it possible to move to the public beta stage, he said.

He also explained that the CA will keep the beta tag for the time being, as it still needs to make a series of improvements, especially in on the client experience. The CA aims at automating the certificate issuance and management processes, and it will focus on ensuring that the client works smoothly and reliably on a wide range of platforms.

“It’s time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default. Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates,” Aas said. He also added the having Facebook as a Gold sponsor should help the initiative easier achieve its goals.

Over the past year, the Facebook has been actively involved in supporting and advancing encryption, and the Let’s Encrypt sponsorship is another example of this involvement. “Making it easier for websites to deploy HTTPS encryption is an important step in improving the security of the whole internet, and Facebook is proud to support this effort,” Alex Stamos, Chief Security Officer at Facebook, said.

Written By

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).