In November 2020, Let's Encrypt warned that those who are using older Android phones that are stuck running 7.1.1 Nougat or lower will not be able to go to massive portions of the secure web by September 2021.
However, the nonprofit certificate authority had a change of mind and announced that it has now found a solution for the issue and will extend the compatibility of older Android phones with its certificates, giving users three more years.
Android users get an extension
Let's Encrypt relies heavily on IdenTrust, which is another certificate authority, to be able to do cross-signature that allows its certificates to work on older platforms, according to Slash Gear.
Unfortunately, the IdenTrust root certificate that is behind that capability is set to expire in 20201. That is a massive problem because 33.8% of Android users on Google Play is still using phones that run Android Version that are older than 7.1.
Let's Encrypt is considered as the biggest certificate authority in the world, according to the University of Michigan. It has helped double the number of secure websites by providing a free service and by making it easier to implement the HTTPS protocol. In February 202, the nonprofit certificate authority revealed that it issued its billionth certificate.
In its new announcement, Let's Encrypt has stated that it was able to find a workaround because of some innovative thinking from its community and its partners at IdenTrust.
The partners, Let's Encrypt and IdenTrust, will implement a new cross-sign solution and that will be good until 2024. Android users won't have to do anything. In fact, the users would not even find out about the supposed cancellation if they never read about or heard about the issue.
Let's Encrypt also stated that the new solution will make sure that all Android users will not experience any service interruption and it will avoid any potential breakage. The nonprofit certificate authority has posted more technical details in its announcement on its website letsencrypt.org that talks about new cross-sign solution and the renewed partnership of the two organization.
What is Let's Encrypt?
First introduced on April 12, 2016, Let's Encrypt is a nonprofit certificate authority. It is run by Internet Security Research Group and it gives certificates for Transport Layer Security encryption. The authority does not charge the users anything.
The certificates of Let's Encrypt are valid for 90 days, and the renewal can happen at any time, accoridng to Tech Target.
The objective of Let's Encrypt is to make it possible to set up an HTTPS server. The nonprofit also want it to automatically get a browser-trusted certificate, without any intervention. This is done by running a certificate management agent on the web server.
Let's Encrypt also identifies the server administrator by public key. This is the first time that the agent software is connected to a nonprofit as it makes a new key pair and proves to the Let's Encrypt CA that the server controls one or more domains. This is the same as the traditional CA process of making an account and adding domains to the account.
With this being said, Let's Encrypt protects Android users when they browse through websites. And because of the extension of the certification, three more years is added to the agreement.
This article is owned by Tech Times
Written by Sieeka Khan