Let's Encrypt issues first free digital certificate

The first digital certificate has appeared online in what the group calls a "major milestone" in transforming the security of the web.


Let's Encrypt has issued its first digital certificate in a campaign to grant a free TLS certificate to any webmaster who needs one.

Let's Encrypt, a free open-source certificate authority (CA) run by the Internet Security Research Group (ISRG), aims to become a one-stop shop for webmasters looking for free trusted certificates. The organization offers an automatic certificate acquisition process and uses TLS to maintain server security.

ISRG Executive Director Josh Aas said in a blog post that Let's Encrypt has issued its first certificate, which is called a "major milestone" for the group.

Interested users can view the certificate in action at this domain. To test the certificate, you need to install the ISRG root certificate yourself before loading a separate page over HTTPS. It is worth noting that Let's Encrypt has not yet been added as a trusted authority by major browsers such as Chrome and Firefox.

The non-profit has submitted initial applications to the root programs for Mozilla, Google, Microsoft and Apple. Let's Encrypt says general availability of the free certificates is expected in the middle of November this year.

The organization plans to start by issuing a small number of certificates to whitelisted domains, working out any system kinks or flaws along the way before pushing for general availability status.

"A cross-signature will be in place before general availability. This will allow certificates from Let's Encrypt to validate automatically for the vast majority of consumers. Prior to cross-signing, browsers will not accept our certificates as valid unless a user has installed our root as trusted," Let's Encrypt says.

The cross-signature is not yet in place, but those with the ISRG root installed will have fully functional certificates. Let's Encrypt hopes cross-signing will be complete in approximately four weeks, which will ensure the group's certificates will work "just about anywhere while our root propagates."

Webmasters can request that their domains be included during beta testing by signing up for the service.

VP of security strategy and threat intelligence Kevin Bocek from cybersecurity firm Venafi told ZDNet:

"There are some new risks that come along with advancing the use of more certificates and more encryption. First, with more certificates in use, cybercriminals will try to keep up in the race by using more certificates too. We've already seen this with the free certificates issued by CloudFlare. With more certificates used in cyber attacks, it can become more difficult to know what to trust. Second, the use of more encryption is creating more blind spots for threat protection systems.

So using certificates to appear trusted and hide inside of encrypted traffic is fast becoming the default for cyber attackers -- which almost counteracts the whole purpose of adding more encryption and trying to create a more trustworthy Internet with more free certificates."
