Let’s Encrypt Has Issued 1 Million Certificates And Counting, Boosting HTTPS Adoption

Status
Not open for further replies.

AthanSpod

Reputable
Sep 2, 2015
4
0
4,510
0
And don't forget that you can use LetsEncrypt certificates for securing SMTP, IMAP and POP3 servers as well, just not as *client* authentication. So in theory it should boost the adoption of email being encrypted end to end on the network.
 

AthanSpod

Reputable
Sep 2, 2015
4
0
4,510
0
To be 100% clear on that, the "not client authentication" means they can't replace client passwords for logins, nor can they be used to directly encrypt/sign emails on a client. But they can be used for securing the client<>server part of IMAP and POP3.
 

AthanSpod

Reputable
Sep 2, 2015
4
0
4,510
0
To be 100% clear on that, the "not client authentication" means they can't replace client passwords for logins, nor can they be used to directly encrypt/sign emails on a client. But they can be used for securing the client<>server part of IMAP and POP3.
 

falchard

Distinguished
Jun 13, 2008
2,360
0
19,790
4
Watchout, you are giving the government ideas. Now that they know certificates has been a roadblock to encryption, they will make a Department of Web certification.
 

Haravikk

Honorable
Sep 14, 2013
317
0
10,790
1
To be 100% clear on that, the "not client authentication" means they can't replace client passwords for logins, nor can they be used to directly encrypt/sign emails on a client. But they can be used for securing the client<>server part of IMAP and POP3.
You don't really need a third-party certificate authority for issuing client certificates anyway; you can create your own certificate authority for this purpose using openssl, which also then allows you to easily automate the process of issuing certificates for new users, all you have to do is bundle your root and intermediate certificates (not keys) along with the user's certificate and key and have them install the whole lot together.

There's not much more a third party certificate can do that that kind of setup won't, as a user having a client certificate is how you validate who they are. That said I personally don't like swapping password for client certificates, I prefer to use both together for the added security, but there are other options such as certificate + multi factor authentication.


Anyway, that's a bit of an aside; I'm using Let's Encrypt for my domains, though I'm currently having to issue some individual certificates for sub-domains due to the way that they're created, which I'll have to try to sort out at some point. It's possible other users are doing the same, and it's unclear if that 1 million metric includes renewals, since the recommendation for Let's Encrypt is to renew every month (well short of the 90 day expiration time).
 

sylentz199

Reputable
Nov 18, 2015
48
0
4,530
0
I like the anonymous and no contact provided registrations...
About to get lots of really believable Banking Phishing emails
 

sam1275tom

Reputable
Oct 13, 2014
462
0
4,860
26
Now a noob question: can I use it to make a certificate for my openWRT router for free, thus avoid the "self-signed insecure" warning when I visit the router management page?
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS