Let's Encrypt plans to distribute certificates more widely in the next couple of months Credit: Yuri Samoilov A project that aims to increase the use of encryption by giving away free SSL/TLS certificates has issued its first one, marking the start of its beta program.The project, called Let’s Encrypt, is run by the Internet Security Research Group (ISRG) and backed by Mozilla, the Electronic Frontier Foundation (EFF), Cisco and Akamai, among others.Let’s Encrypt plans to distribute free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates, which encrypt data passed between a website and users. The use of SSL/TLS is signified in most browsers by “https” and a padlock appearing in the URL bar.Unencrypted web traffic poses a security risk. For example, an attacker could collect the web traffic of someone using a public Wi-Fi hotspot, potentially revealing sensitive data. Selling SSL/TLS certificates is a big business; the certificates often aren’t cheap and they expire after a certain time. The cost puts off some website owners from using encryption, particularly for less-trafficked sites.Let’s Encrypt aims to “revolutionize encryption on websites, making https implementation a seamless, no-cost option for anyone with a domain,” wrote Rainey Reitman, the EFF’s activism director. The organization’s first certificate is for one of its own domains, effectively a test run showing that the system works. It will begin issuing certificates to domains participating in its beta program, and then to more websites, in the next couple of months, wrote Josh Aas, ISRG’s executive director, in a blog post.For the first certificate to appear valid, users will have to install an ISRG root certificate in their browser or other client software. That’s a temporary issue, as ISRG’s root certificate will be cross-signed in about a month by IdenTrust, a Certificate Authority that is one of Let’s Encrypt’s primary sponsors.Once that is in place, ISRG’s certificates will be recognized as valid by nearly all browsers.Major technology companies including Google, Yahoo and Facebook have made a strong push for broader using of encryption in light of government surveillance programs and burgeoning cybercrime. Related content news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Android Security Mobile Security news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management news Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements Open letter claims current provisions will create new threats that undermine the security of digital products and individuals. By Michael Hill Oct 03, 2023 4 mins Regulation Compliance Vulnerabilities feature The value of threat intelligence — and challenges CISOs face in using it effectively Knowing the who, what, when, and how of bad actors and their methods is a boon to security, but experts say many teams are not always using such intel to their best advantage. By Mary K. Pratt Oct 03, 2023 10 mins CSO and CISO Advanced Persistent Threats Threat and Vulnerability Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe