HTTPS certificates are, essentially, used to encrypt connections between browsers and sites, and help software determine that no one is tampering with or eavesdropping on those connections.

By reducing the amount of time a TLS/SSL certificate is valid, websites must renew their certs more often. This will, it is hoped, force them to use certificates with the latest and greatest recommended cryptography and hashing, rather than hang onto aging certs that use insecure algorithms.

"Rapidly reducing certificate lifetimes to one year, or even less, has significant costs to many companies which rely on digital certificates to protect their systems," Hollebeek said.

Let's Encrypt is continuing to enjoy a meteoric rise: it issues free 90-day HTTPS certs that can be automatically renewed and deployed using a provided software client. Let's Encrypt TLS/SSL certificates are supported by pretty much all browsers and operating systems, and the service is putting immense pressure on certificate authorities that charge people for HTTPS certs.


#security #SSL #letsencrypt
Web body mulls halving HTTPS cert lifetimes. That screaming in the distance is HTTPS cert sellers fearing orgs will bail for Let's Encrypt

Expensive renewals once a year... or free certificates any time? Tough choice
