Tuesday, March 19, 2024

Let’s Encrypt Root Certificate Now Directly Trusted by Microsoft and all Major Root Programs

Let’s Encrypt announced it’s root certificate ISRG Root X1 is now directly trusted by Microsoft and all other major root certificate programs including Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry.

Starting from the first issuance the Let’s Encrypt intermediate certificates, Let’s Encrypt Authority X1 and Let’s Encrypt Authority X2 was cross-signed with IdenTrust root and trusted by all the major browsers.

Browsers and operating systems not supported by default to Let’s Encrypt certificates, so it was cross-signed by IdenTrust and the IdenTrust certificate trusted by the Browsers and operating systems directly.

Let’s Encrypt
Chained With IdenTrust

Starting July 2018 Let’s Encrypt certificate directly trusted by almost all newer versions of operating systems, browsers, and devices.

“Some of those older systems will eventually be updated to trust Let’s Encrypt directly. Some will not, and we’ll need to wait for the vast majority of those to cycle out of the Web ecosystem.”

Let’s Encrypt says it would take at least five more years to cycle out the Web ecosystem, so they planned to continue the cross signature until then.

Now the Let’s Encrypt serves more than 115 million websites, it had a very good progress as it breaks the technical and cost barriers.

Let’s Encrypt Active Intermediate’s

Active

Let’s Encrypt Authority X3 (IdenTrust cross-signed)
Let’s Encrypt Authority X3 (Signed by ISRG Root X1)

Let’s Encrypt

Backup

Let’s Encrypt Authority X4 (IdenTrust cross-signed)
Let’s Encrypt Authority X4 (Signed by ISRG Root X1)

Site owner’s of Let’s Encrypt not required to make any changes and the site’s continue to work normally.

Also Read

Transport Layer Security (TLS) 1.3 approved by IETF With the 28th Draft

Private keys Leaked – 23,000 SSL Certificates to be Revoked Within Next 24 Hours

New Method to Establish Covert Channel Communication by Abusing X.509 Digital Certificates

Website

Latest articles

E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials

Tampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old...

WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

A new variant of the WhiteSnake Stealer, a formidable malware that has been updated...

Researchers Hack AI Assistants Using ASCII Art

Large language models (LLMs) are vulnerable to attacks, leveraging their inability to recognize prompts...

Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

Microsoft has announced an important update for Windows users worldwide in a continuous effort...

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...

New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles