Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Let’s Encrypt Issues More Than 1 Million Digital Certificates

Free and open Certificate Authority (CA) Let’s Encrypt announced this week that it has issued more than 1 million certificates since issuing its first Digital Certificate last year.

Free and open Certificate Authority (CA) Let’s Encrypt announced this week that it has issued more than 1 million certificates since issuing its first Digital Certificate last year.

Originally proposed by the Electronic Frontier Foundation (EFF), the initiative has already attracted support from industry leaders such as Mozilla, Cisco, Akamai, Automattic and IdenTrust, among others. Backed by the Linux Foundation, its goal is to encrypt website traffic using Transport Layer Security (TLS) to protect user data from eavesdroppers.

Let’s Encrypt The organization issued its first free live digital certificate in mid-September 2015, while receiving cross signature for it only in October. Before Let’s Encrypt, CloudFlare was offering digital certificates at no cost, but the launch of this new CA was seen as a big step toward improved privacy and authentication online.

The CA launched publicly last fall and came out of private beta in early December, but its certificates have already been  abused by cybercriminals. The one million certificates that Let’s Encrypt has issued in the 3 months and 6 days since launching its service in public beta are valid for 2.5 million fully-qualified domain names.

According to the EFF, 90 percent of the 2.5 million domain names that take advantage of Let’s Encrypt one million free certificates had never been reachable by browser-valid HTTPS before. Users accessing those websites can now enjoy a more secure, encrypted browsing experience.

While the initiative ultimately aims at bringing encryption to all areas of the web, there are still many more websites that are still affected by insecure protocols. Domain owners continue to rely on HTTP because of the costs and bureaucracy involved in obtaining certificates, but Let’s Encrypt wants to eliminate this hurdle by offering certificates for free and by automating the issuance and renewal process.

Internet giants such as Google also support the move to HTTPS and more secure Internet protocols, and the company has made various changes lately to encourage site owners adopt better security. It even announced that it will favor HTTPS pages over their HTTP counterparts in search results.

Despite its good intentions, Let’s Encrypt’s existence, which has already sparked Amazon to start offering free certificates too, didn’t manage to convince everyone.

Advertisement. Scroll to continue reading.

David Holmes, an evangelist for F5 Networks’ security solutions, has long suggested that the CA will not make the Internet more trustworthy, and argues that it will challenge the CA industry.

In a recent SecurityWeek column, Holmes explains why there was a high demand for free certificates when Let’s Encrypt launched in public beta. He also voiced fears that, because Let’s Encrypt certificates are valid for only 90 days, some website operators might forget to renew their certificates in due time, and that the overall “good” that LE is supposedly bringing along might be nothing more than a Placebo Effect.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...