If you are worried about trusting security certificates from just any issuer while browsing the internet or downloading stuff (and you should rightfully be), Mozilla and some other organizations are about to make things less scary for you from Q2 2015. The initiative makes it easier for server operators too.
Server certificates are proof over a SSL/TLS communication that your server is THE ONE that it claims to be. But often, it’s a lot of trouble to get even a basic certificate. It involves money as well as technical expertise to install and update the certs.
Let’s Encrypt is an initiative by Mozilla Corporation, Cisco Systems, Inc., Akamai Technologies, Electronic Frontier Foundation, IdenTrust, Inc., and researchers at the University of Michigan. The collaboration is working through Internet Security Research Group (ISRG), a California based public benefit corporation to deliver the infrastructure. The idea is to make the validation of server certs a one-click process for domain owners.
The key principles of Let’s Encrypt:
- Free: A domain owner can get a certificate validated for that domain at zero cost.
- Automatic: The entire enrollment process for certificates occurs during the server’s native installation or configuration process, while renewal occurs automatically in the background.
- Secure: Let’s Encrypt will serve as a platform for implementing modern security techniques and best practices.
- Transparent: All records of certificate issuance and revocation will be available to anyone who wishes to inspect them.
- Open: The automated issuance and renewal protocol will be an open standard and as much of the software as possible will be open source.
- Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the entire community, beyond the control of any one organization.
If you are a developer, don’t forget to visit the Get Involved page for opportunities to contribute.