Let's Encrypt Now Trusted by All Major Root Programs
8.8.18 securityweek Safety

Letís Encrypt root, ISRG Root X1, is now trusted by all major root programs, including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.

Letís Encrypt is a free, automated, and open Certificate Authority (CA) backed by the Linux Foundation that provides website owners with free digital certificates for their sites and handles the certificate management process for them.

Launched by the Internet Security Research Group (ISRG) as an effort to drive HTTPS adoption, the initiative was launched publicly in December 2015 and came out of beta in April 2016.

At the end of July 18, Letís Encrypt received direct trust from Microsoft products, which resulted in it being trusted by all major root programs. The CAís certificates are cross-signed by IdenTrust, and have been widely trusted since the beginning.

ďBrowsers and operating systems have not, by default, directly trusted Letís Encrypt certificates, but they trust IdenTrust, and IdenTrust trusts us, so we are trusted indirectly. IdenTrust is a critical partner in our effort to secure the Web, as they have allowed us to provide widely trusted certificates from day one,Ē noted Josh Aas, Executive Director of ISRG.

Now, the CAís root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Letís Encrypt.

While some of these are expected to be updated to trust the CA, others wonít, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Letís Encrypt will continue to use a cross signature.

ďLetís Encrypt is currently providing certificates for more than 115 million websites. We look forward to being able to serve even more websites as efforts like this make deploying HTTPS with Letís Encrypt even easier,Ē Aas concludes.