Let’s Encrypt Has Issued 1 Million Certificates And Counting, Boosting HTTPS Adoption

[Lucian Armasu]

EFF announced that Let's Encrypt, a free certificate service which it co-founded with Mozilla, reached its millionth certificate.

Let’s Encrypt Has Issued 1 Million Certificates And Counting, Boosting HTTPS Adoption : Read more

 

[Snipergod87]

And yet here we are on Tom's Hardware in 2016 not using encryption.

 

[firefoxx04]

Come on toms, everyone uses encryption now.

 

[AthanSpod]

And don't forget that you can use LetsEncrypt certificates for securing SMTP, IMAP and POP3 servers as well, just not as *client* authentication. So in theory it should boost the adoption of email being encrypted end to end on the network.

 

[AthanSpod]

To be 100% clear on that, the "not client authentication" means they can't replace client passwords for logins, nor can they be used to directly encrypt/sign emails on a client. But they can be used for securing the client<>server part of IMAP and POP3.

 

[AthanSpod]

To be 100% clear on that, the "not client authentication" means they can't replace client passwords for logins, nor can they be used to directly encrypt/sign emails on a client. But they can be used for securing the client<>server part of IMAP and POP3.

 

[falchard]

Watchout, you are giving the government ideas. Now that they know certificates has been a roadblock to encryption, they will make a Department of Web certification.

 

[hellwig]

Do these certificates require a static IP? If not, when did that change? I might have to talk to my webhost about this.

 

[Haravikk]

To be 100% clear on that, the "not client authentication" means they can't replace client passwords for logins, nor can they be used to directly encrypt/sign emails on a client. But they can be used for securing the client<>server part of IMAP and POP3.

You don't really need a third-party certificate authority for issuing client certificates anyway; you can create your own certificate authority for this purpose using openssl, which also then allows you to easily automate the process of issuing certificates for new users, all you have to do is bundle your root and intermediate certificates (not keys) along with the user's certificate and key and have them install the whole lot together.

There's not much more a third party certificate can do that that kind of setup won't, as a user having a client certificate is how you validate who they are. That said I personally don't like swapping password for client certificates, I prefer to use both together for the added security, but there are other options such as certificate + multi factor authentication.


Anyway, that's a bit of an aside; I'm using Let's Encrypt for my domains, though I'm currently having to issue some individual certificates for sub-domains due to the way that they're created, which I'll have to try to sort out at some point. It's possible other users are doing the same, and it's unclear if that 1 million metric includes renewals, since the recommendation for Let's Encrypt is to renew every month (well short of the 90 day expiration time).

 

[sylentz199]

I like the anonymous and no contact provided registrations...
About to get lots of really believable Banking Phishing emails

 

[sam1275tom]

Now a noob question: can I use it to make a certificate for my openWRT router for free, thus avoid the "self-signed insecure" warning when I visit the router management page?

 

[demonkoryu]

sam: yup.