
Free Website Encryption for Everyone

Currently this blog is not entirely available via HTTPS. I do use a self-signed certificate to encrypt the login and admin pages, but I would like to eventually provide TLS encryption for the entire site. The primary reasons I have not set this up are the cost and hassle that are currently involved with getting a certificate. There is not a free certificate authority that is in a trust hierarchy already available in most web browsers, but that is all about to change.

Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG), a California 501(c)(3) corporation, that is providing a free, open, and automated certificate authority. The project has some well-known supporters such as Akamai, Cisco, EFF, and Mozilla, and I predict many more will join as the project matures.

The key principles of Let’s Encrypt are:

  • Free – Anyone that owns a domain name can obtain a trusted certificate at zero cost
  • Automatic – Web servers can interact with Let’s Encrypt painlessly to obtain, configure, and automatically renew certificates
  • Secure – Serve as a platform for advancing TLS security best practices
  • Transparent – All certificates issued or revoked will be publicly recorded and open to anyone for review
  • Open – The automatic issuance and renewal protocol will be published as an open standard
  • Cooperative – Joint effort to benefit the community beyond the control of any one organization

On September 14th Let’s Encrypt issued their first certificate, and while they are working to propagate their own root certificate, their intermediates will be cross-signed by IdenTrust DST Root CA X3. General certificate availability is scheduled for November 16, 2015, and in the meantime I’ve submitted to be a beta tester to see firsthand how the enrollment and auto-configuration process works. If all goes well, this blog will be completely available via HTTPS by December.

 

Featured Image Attribution: Fabio Lanari