Skip to main content

Free security certificates for all, thanks to new 'Let's Encrypt' service

It has been a long time coming, but the web is slowly transitioning away from HTTP to HTTPS.

Google has done it with Gmail, and Yahoo did the same with its webmail service, and security advocates would like other websites to follow suit.

The problem, for smaller sites at least, is the cost involved. But a new venture between Electronic Frontier Foundation (EFF), Mozilla, Cisco, the University of Michigan and IdenTrust, will eliminate the cost obstacle when it launches next summer.

The partnership has brought about the creation of Let's Encrypt, a new certificate authority that will provide free security certificates to those who need them.

It is hoped that handing out cost-free certificates will encourage more sites to adopt the HTTPS protocol. But Let's Encrypt does not just eliminate the financial hurdle.

The process of setting up and managing certificates is notoriously tricky, and very easy to get wrong. This is something that Let's Encrypt will also take care of by using a software agent to reduce the setup time to under a minute.

The tool is still in the development stages at the moment, but you can check it out, and provide feedback on how it works.

HTTPS, EFF freely admits, is not a perfect technology, but it is a marked improved over the standard HTTP protocol which is still very widely used.

The certificate authority will be managed by the Internet Security Research Group, and there will be a strong focus on openness, ease and transparency.

Certificates will be available to anyone with a domain, and the automated setup means that things can be up and running very quickly.

The software behind Let's Encrypt will be open source, and the whole venture is as much about co-operation as it is about security - ease of use and compatibility are of the utmost importance.