Press "Enter" to skip to content

Root certificate concerns to come

This I’m pulling from Android Police due to the detail:

Let’s Encrypt is one of the world’s leading certificate authorities, and the group’s certificates are used by approximately 30% of all web domains. When the group was first founded, it applied for its own ‘ISRG Root X1’ root certificate to be included in all browsers and operating systems. All certificates to date have also been cross-signed with IdenTrust’s ‘DST Root X3’ root, which has been in Windows, macOS, Android, and most other software platforms for years.

Let’s Encrypt’s original partnership with IdenTrust expires on September 1st, 2021, and the group doesn’t plan on entering another cross-signing agreement. This means that all browsers and operating systems without Let’s Encrypt’s root certificate will no longer work with sites and services using the group’s certificates. The announcement pointed out that devices running Android 7.1 or lower is among the affected group

The only workaround for legacy Android devices is to install the Firefox browser, which uses its own certificate store that includes the ISRG root.

Why do we care?

This is very much a blocking and tackling reason – and something that providers will want to look at for their customers now.     You can head this one off at the pass, and you have time.   Or you can get that round of tickets next September. 

Source: Android Police