[ad_1]
SSL certified sites are important as they protect criminals from spying on user data in transit. According to a Google report, 95% of the traffic is now encrypted on their network.
Let’s Encrypt is one of the authorities that issues these HTTPS certificates to sites to make sure that the traffic to that website goes through a secure route. The organization has issued more than 1 billion certificates and currently serves more than 192 million sites.
Since there are multiple certificate authorities, some sites may have compatibility issues if your browser or application does not support a particular certificate. Android users with devices running version 7.1.1 or earlier might face that problem soon.
When Let’s Encrypt was born in 2015, in addition to its own root certificate, it also used a cross-signed certificate from IdenTrust, another certificate authority.
[Read: 4 ridiculously easy ways you can be more eco-friendly]
However, the partnership between these two entities will end on September 1, 2021 and Let’s Encrypt will only use its own certificate to validate sites. Let’s Encrypt is taking a precautionary step and changing its API to use its own certificate by default starting January 11.
Now this will create a problem on older platforms such as devices running Android 7.1.1 or earlier. They have not been updated to accept the Let’s Encrypt root certificate and still rely on cross-signing from authorities like IdenTrust:
However, this introduces some compatibility issues. Some software that hasn’t been updated since 2016 (around when our root was accepted for many root programs) still doesn’t trust our root certificate, ISRG Root X1. In particular, this includes versions of Android prior to 7.1.1. That means older versions of Android will no longer trust certificates issued by Let’s Encrypt.
According to statistics drawn from Android Studio by the certificate authority, more than 34% of Android devices worldwide run on version 7.1 or earlier. And after January, many sites and apps could face compatibility issues on these devices.
As the Android police pointed out, a solution to this problem is to install and use Mozilla’s Firefox browser on these devices, as it uses its own list of root certificates to validate sites. To be clear, applications that rely on older certificates will not be able to take advantage of this solution.
You can read more about the Let’s Encrypt announcement here.
For more news and reviews on equipment, devices and hardware, follow Connected
Twitter and Flipboard.
Posted on Nov 9, 2020 – 08:19 UTC
[ad_2]
