Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Let’s Encrypt Now Trusted by All Major Root Programs

Let’s Encrypt root, ISRG Root X1, is now trusted by all major root programs, including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.

Let’s Encrypt root, ISRG Root X1, is now trusted by all major root programs, including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.

Let’s Encrypt is a free, automated, and open Certificate Authority (CA) backed by the Linux Foundation that provides website owners with free digital certificates for their sites and handles the certificate management process for them.

Launched by the Internet Security Research Group (ISRG) as an effort to drive HTTPS adoption, the initiative was launched publicly in December 2015 and came out of beta in April 2016.

At the end of July 2018, Let’s Encrypt received direct trust from Microsoft products, which resulted in it being trusted by all major root programs. The CA’s certificates are cross-signed by IdenTrust, and have been widely trusted since the beginning.

“Browsers and operating systems have not, by default, directly trusted Let’s Encrypt certificates, but they trust IdenTrust, and IdenTrust trusts us, so we are trusted indirectly. IdenTrust is a critical partner in our effort to secure the Web, as they have allowed us to provide widely trusted certificates from day one,” noted Josh Aas, Executive Director of ISRG.

Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

“Let’s Encrypt is currently providing certificates for more than 115 million websites. We look forward to being able to serve even more websites as efforts like this make deploying HTTPS with Let’s Encrypt even easier,” Aas concludes.

Advertisement. Scroll to continue reading.

Related: Let’s Encrypt Wildcard Certificates a ‘Boon’ for Cybercriminals, Expert Says

Related: Google Launches Its Own Root Certificate Authority

Related: Comodo Sells Certificate Business to Private Equity Firm

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

Professional services company Slalom has appointed Christopher Burger as its first CISO.

More People On The Move

Expert Insights

Related Content

Cisco zero-day CVE-2023-20109 exploited Cisco zero-day CVE-2023-20109 exploited

Malware & Threats

Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

September 27, 2023
RSA Conference 2023 RSA Conference 2023

Management & Strategy

RSA Conference 2023 – Announcements Summary (Day 1)

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

April 25, 2023
CISOs in the Boardroom CISOs in the Boardroom

Security Infrastructure

Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

June 19, 2023
ZTNA Zero Trust ZTNA Zero Trust

Cloud Security

The History and Evolution of Zero Trust

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

July 11, 2022
Consolidate Vendors and Products for Better Security

Security Infrastructure

Consolidate Vendors and Products for Better Security

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

June 8, 2023
SecurityWeek Acquires Industrial Control System (ICS) Cybersecurity Conference Series

Funding/M&A

SecurityWeek Acquires Industrial Control System (ICS) Cybersecurity Conference Series

Responding to Cyber Threats Against Critical Infrastructures: Wired Business Media Acquires Long Running ICS Cybersecurity Conference Series

April 24, 2014
Comcast Wants a Slice of the Enterprise Cybersecurity Business

Security Infrastructure

Comcast Wants a Slice of the Enterprise Cybersecurity Business

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

February 6, 2023
PCI Data Security Standard v4.0 Released to Address Emerging Threats

Audits

PCI Data Security Standard v4.0 Released to Address Emerging Threats

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

April 1, 2022