Free automated open encryption certification launches in September

News by SC Staff

Describing itself as the first free and automated certificate authority, Let's Encrypt launches on 14 September.

The group promotes use of encryption in transit (HTTPS) and says it hopes every site on the web will eventually use HTTPS by default. It is therefore working to remove barriers to implementation, including the difficulty of obtaining and installing a certificate.

Obtaining a certificate was once an expensive and difficult process. A certificate can now be obtained for free, but informal tests showed that it often takes a web administrator 1-3 hours to install one, and others may not be able to install one at all.

Let's Encrypt aims to 'democratise' the process by automating certificate issuance and installation. The Let's Encrypt authority will provide browser-trusted certificates through a publicly documented API that anyone can implement.

The organisation says that anyone can run the Let's Encrypt client software on their web server to automatically install a certificate and configure their server with strong HTTPS settings, while many hosting providers are expected to incorporate the Let's Encrypt API to offer HTTPS by default for free.

However, a commentator on the SC website (also see below) notes that because "Let's Encrypt Preview is a Python-based utility that works alongside Apache", "if you are running any other web server you may well be out of luck." Let's Encrypt does say (under FAQs) they expect to have "client support for automated configuration of recent version of Apache and Nginx" and "hoping to for Windows IIS". The commentator also notes: "The project also assumes a level of access to the web server which many providers will not (perhaps with very good reason) grant."

Collaborators on the project include Mozilla, EFF and a group at the University of Michigan who created the Internet Security Research Group (ISRG), a non-profit organisation which will run the Let's Encrypt certificate authority, sponsored by Akamai, Cisco, IdenTrust and Automattic. The Linux Foundation has provided staffing and administrative work, and developers from the open source community have worked alongside EFF, Mozilla and UMich engineers to develop the Let's Encrypt client and server software.

Under normal circumstances, certificates issued by Let's Encrypt will come from “Let's Encrypt Intermediate X1”. The other intermediate, “Let's Encrypt Intermediate X2”, is associated with its disaster recovery site and will only be used should the organisation lose the ability to issue with “Let's Encrypt Intermediate X1”. All ISRG keys are currently RSA keys though the organisation is planning to generate ECDSA keys later this year.

A draft subscriber contract is now available.
