Posted on Wednesday, June 17 2015 @ 16:24 CEST by Thomas De Maesschalck
Fortunately, this is changing within a month or three as several Internet giant have teamed up with the Let's Encrypt project from non-profit foundation Electronic Frontier Foundation (EFF) to offer a free and easy to implement SSL certificate authority service.
Major sponsors of the project include firms like Mozilla, Akamai and Cisco, as well as certificate provider IdenTrust. Let's Encrypt will provide browser-trusted certificates and promises to automate the certificate issuance and install process. The service will be publicly available from September 14, 2015.
The Let's Encrypt project will also make it possible for web hosting firms to offer HTTPS by default to all their customers free or charge.
Unfortunately, there are still obstacles preventing some sites from implementing HTTPS. Many are stymied by the need to obtain and install a certificate. For years, this was an expensive and difficult process. Today, it's possible to obtain a certificate for free, so it is merely a difficult process. Our informal tests have shown that it often takes 1-3 hours for a web administrator to install a certificate. People without web administration skills may not be able to install one at all. We think that's not acceptable. The free and open web must be accessible to anyone who wants to publish their thoughts, not just those with technical skills. As HTTPS becomes a more integral part of the web, we must democratize access to its benefits.
Let's Encrypt will do this by automating the certificate issuance and install process. The Let's Encrypt authority will provide browser-trusted certificates through a publicly documented API that anyone can implement. The official Let's Encrypt client software will be the flagship implementation of that API for certificate requestors. Anyone can run the client software on their web server to automatically install a certificate and configure their server with strong HTTPS settings. For people who don't run their own web server, we expect that many hosting providers will incorporate the Let's Encrypt API so they can offer HTTPS by default to all their customers for free.
Getting to this point has been a highly collaborative effort. Last year, Mozilla, EFF, and a group at the University of Michigan teamed up to create a new non-profit, the Internet Security Research Group (ISRG), which will run the Let's Encrypt certificate authority. Sponsors Akamai, Cisco, IdenTrust, and Automattic have ensured that ISRG has the resources it needs to operate. The Linux Foundation has provided invaluable staffing and administrative work, including hiring ISRG's first staff. And developers from the open source community have worked alongside EFF, Mozilla and UMich engineers to develop the Let's Encrypt client and server software. We'll spend the next three months thoroughly testing the software and infrastructure to ensure it is ready for a public launch.
