Update: Let's Encrypt has found a solution that allows Android devices to remain compatible with their certificates. You can read about the extended compatibility
Since its inception, Let's Encrypt has issued over a billion free certificates worldwide. The open-source CA has contributed significantly to the adoption of HTTPS; however, things haven't always gone smoothly. Now, Let's Encrypt certificate users should brace themselves for another storm. Starting in January 2021, Let's Encrypt certificates will be less compatible with older devices and apps, impacting both users and site owners.
The reason is the approaching expiration of the third-party root certificate that Let's Encrypt uses to cross-sign its certificates. It is standard practice for new CAs to cross-sign their certificates with the trusted root of an existing CA. Back in 2015, when Let's Encrypt arrived on the SSL scene, its own root certificate was not yet trusted by all major browsers and operating systems. It takes years for new roots to pass all the audits and security checks, so Let's Encrypt chose the IdenTrust DST Root X3 certificate.
Cross-signing allowed Let's Encrypt to immediately issue valid and trusted SSL certificates. That arrangement only works for as long as the IdenTrust root is valid. It expires on September 30, 2021, and this creates a compatibility issue for Let's Encrypt and its users.

Although Let's Encrypt will begin issuing certificates that chain to its own ISRG Root X1 on January 11, 2021, that root does not have the same compatibility range as the IdenTrust root. Unfortunately, users of older browsers and platforms will receive an SSL connection warning when attempting to access Let's Encrypt-protected sites.
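The following model of chain building is an added example, not code from Let's Encrypt or from this article. It shows how one intermediate can chain to two roots and which clients lose a valid path. Assumptions: the client enforces certificate expiry, the intermediate name and trust-store contents are illustrative, and every date except the DST Root X3 expiry is constructed.

```python
from datetime import date
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str
    issuer: str
    not_after: date

DST_EXPIRY = date(2021, 9, 30)   # expiry date given in the article
LATER = date(2030, 1, 1)         # constructed placeholder expiry
INTERMEDIATE = "Let's Encrypt Authority X3"   # illustrative intermediate name

# Two certificates for the same intermediate: same subject, different issuer.
ISRG_SIGNED = Cert(INTERMEDIATE, "ISRG Root X1", LATER)
CROSS_SIGNED = Cert(INTERMEDIATE, "DST Root X3", DST_EXPIRY)
ROOTS = [Cert("ISRG Root X1", "ISRG Root X1", LATER),
         Cert("DST Root X3", "DST Root X3", DST_EXPIRY)]

# Assumed trust stores: the older platform lacks the newer ISRG root.
OLD_DEVICE = {"DST Root X3"}
CURRENT_DEVICE = {"DST Root X3", "ISRG Root X1"}

def build_path(name, served, trust_store, today):
    """Return the names from `name` up to a trusted, unexpired root, or None."""
    for cert in list(served) + ROOTS:
        if cert.subject != name or cert.not_after < today:
            continue                      # wrong subject or expired
        if cert.subject == cert.issuer:   # self-signed root: must be a trust anchor
            if name in trust_store:
                return [name]
            continue
        upper = build_path(cert.issuer, served, trust_store, today)
        if upper:
            return [name] + upper
    return None

if __name__ == "__main__":
    both = [ISRG_SIGNED, CROSS_SIGNED]
    cases = [("old device, both chains, Jan 2021", both, OLD_DEVICE, date(2021, 1, 1)),
             ("old device, ISRG chain only, Feb 2021", [ISRG_SIGNED], OLD_DEVICE, date(2021, 2, 1)),
             ("old device, both chains, Oct 2021", both, OLD_DEVICE, date(2021, 10, 1)),
             ("current device, both chains, Oct 2021", both, CURRENT_DEVICE, date(2021, 10, 1))]
    for label, served, store, day in cases:
        print(f"{label}: {build_path(INTERMEDIATE, served, store, day)}")
```

The second case is the January 2021 change: once the server offers only the ISRG-signed intermediate, the older trust store has no path even though DST Root X3 itself is still valid.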
Android users are the most affected by this problem
Not everyone will experience reduced compatibility. The ones most affected are users of Android 7.1.1 or earlier. And while such old versions may seem archaic to some, more than 30% of Android devices still run them. These users will not be able to access sites with Let's Encrypt certificates. Instead, they will be greeted with nasty certificate errors from their browsers.
Let's Encrypt has a huge problem, but it's not their fault that many well-known platforms are so slow to release software updates. The problem is mainly due to the way mobile phone manufacturers use the Android OS. When Google releases an update, it doesn't immediately reach all devices using it.