E1: This January, or no?

I am trying to find out whether there is a guaranteed way to continue obtaining leaf certificates that can be verified against the DST root until 9/2021 without using alternate link relations when downloading the certificates (but with use of manually overridden intermediates.) Our ACME client library currently doesn't support alternatives, so it's useful to know whether or not we really need to do anything about that.

One change LE could potentially make that would require the ability to download alternate leafs would be if the leaf certs provided by default started being signed by E1, since that chain doesn't have a cross-sign. This forum post mentions that Let's Encrypt may do exactly that, but I can't find a more authoritative source for the transition to E1 schedule. Are there plans to use E1 as the default, either on January 11 or before September 2021? Thanks!

The E1 certificate is the ECDSA certificate and will only be used to sign leaf certificates containing ECDSA keys as far as I know. That is different from the January 11th switchover.

The January 11th switchover is "just" whether a cross-signed or non-cross-signed intermediate certificate is sent by default by the ACME server. However, only the signature of those intermediate certificates is different, not the public key. You'll notice the Common Name of the intermediate will be the same, whether you're looking at the cross-signed or non-cross-signed intermediate.

Depending on whether Let's Encrypt will start using R3 before January 11th or not, it will be the X3 intermediate or the R3 intermediate: before January 11th the cross-signed X3 or R3, and after it the non-cross-signed X3 or R3. Thus, the January 11th event won't have any effect on your leaf certificates, as the private key signing your leaf cert will be the same (X3 or R3).

So if your ACME client doesn't have a way to manually override the intermediate, you'll just have to override your ACME client: just simply don't let your ACME client set the intermediate cert, but manually set it yourself.
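An added example (not part of this thread, and not Let's Encrypt's or any ACME client's own code) that builds a throwaway in-memory PKI in Go with the same shape as the hierarchy discussed above: an old root and a new root (stand-ins for DST Root CA X3 and ISRG Root X1), one intermediate key issued twice (cross-signed by the old root, and non-cross-signed by the new root, as with X3/R3), a leaf signed by that intermediate key, and an E1-like intermediate with its own key and no cross-sign. All names are constructed, and every key is ECDSA P-256 for brevity (the real X3/R3 intermediates are RSA). The checks show why swapping the served intermediate is enough for X3/R3-issued leaves, and why no intermediate swap can make an E1-issued leaf chain to the old root.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Hierarchy holds the constructed stand-in certificates (not real Let's Encrypt certs).
type Hierarchy struct {
	OldRoot, NewRoot            *x509.Certificate // stand-ins for DST Root CA X3 and ISRG Root X1
	CrossSigned, NonCrossSigned *x509.Certificate // one intermediate key (X3/R3), two different issuers
	Leaf                        *x509.Certificate // leaf signed by that intermediate key
	E1Intermediate, E1Leaf      *x509.Certificate // E1-like intermediate: new key, no cross-sign
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func genKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// template builds a minimal CA template, or a server-auth leaf for example.test.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{"example.test"}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// sign issues tmpl under parent with the signer's key (parent == tmpl for a self-signed root).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

// Build issues the whole constructed hierarchy.
func Build() Hierarchy {
	oldKey, newKey, intKey, leafKey, e1Key, e1LeafKey := genKey(), genKey(), genKey(), genKey(), genKey(), genKey()
	oldTmpl := template("Old Root (stand-in for DST Root CA X3)", 1, true)
	newTmpl := template("New Root (stand-in for ISRG Root X1)", 2, true)
	oldRoot := sign(oldTmpl, oldTmpl, &oldKey.PublicKey, oldKey)
	newRoot := sign(newTmpl, newTmpl, &newKey.PublicKey, newKey)

	// Same intermediate subject and public key, issued twice: by the old root
	// (the cross-signed version) and by the new root (the non-cross-signed one).
	intTmpl := template("Intermediate (stand-in for X3/R3)", 3, true)
	cross := sign(intTmpl, oldRoot, &intKey.PublicKey, oldKey)
	nonCross := sign(intTmpl, newRoot, &intKey.PublicKey, newKey)

	// The leaf is signed by the intermediate *key*, so its issuer name and authority
	// key id are identical whichever of the two intermediate certificates is served.
	leaf := sign(template("example.test", 4, false), cross, &leafKey.PublicKey, intKey)

	// E1-like intermediate: a different key, signed only by the new root.
	e1 := sign(template("E1-like Intermediate", 5, true), newRoot, &e1Key.PublicKey, newKey)
	e1Leaf := sign(template("example.test", 6, false), e1, &e1LeafKey.PublicKey, e1Key)
	return Hierarchy{oldRoot, newRoot, cross, nonCross, leaf, e1, e1Leaf}
}

// SameIntermediateKey reports whether two certificates carry the same subject and public key.
func SameIntermediateKey(a, b *x509.Certificate) bool {
	return bytes.Equal(a.RawSubject, b.RawSubject) &&
		bytes.Equal(a.RawSubjectPublicKeyInfo, b.RawSubjectPublicKeyInfo)
}

// ChainsTo reports whether leaf validates to root when exactly this intermediate is
// supplied, i.e. what a client sees given the served (or manually overridden) intermediate.
func ChainsTo(leaf, intermediate, root *x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(intermediate)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: "example.test"})
	return err == nil
}

func main() {
	h := Build()
	fmt.Println("intermediates share subject+key:   ", SameIntermediateKey(h.CrossSigned, h.NonCrossSigned))
	fmt.Println("leaf + cross-signed -> old root:    ", ChainsTo(h.Leaf, h.CrossSigned, h.OldRoot))
	fmt.Println("leaf + non-cross-signed -> old root:", ChainsTo(h.Leaf, h.NonCrossSigned, h.OldRoot))
	fmt.Println("E1-like leaf -> old root:           ", ChainsTo(h.E1Leaf, h.E1Intermediate, h.OldRoot))
}
```

The second and third lines of output are the whole point of the intermediate override: the same leaf fails against the old root when only the non-cross-signed intermediate is supplied, and passes as soon as the cross-signed one is substituted, because the leaf's signature was made by the same key either way. The E1-like leaf fails regardless of which intermediate you supply, since nothing signed by the old root carries the E1 key.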

If OP is asking specifically about ECDSA (E1-issued) certificates, then I don't think it will be possible to build a chain (even manually) to IdenTrust anymore.

No idea when that's happening though.

2 Likes

Ah yes, I should have mentioned that in my post. There's no chaining E1 up to DST Root X3 indeed.

1 Like

If I understand this thread from a couple months ago correctly, they're still working on the back-end changes needed in order to issue ECDSA certificates from a different intermediate than RSA certificates. At this point they haven't announced a date or when E1 will enter service, and the certificates page just has it as "upcoming".

The January 11 switch in the chain being served by default isn't related. I would hope that it would happen before September (I mean, that'd be a year after they generated E1) but that's just me being optimistic.

Are you currently using ECDSA certificates, but need to use the IdenTrust root until September? If so, I suppose if you switch to RSA then you could be sure that Let's Encrypt wouldn't change to signing from an intermediate that can't chain to IdenTrust before then. Or, just keep an eye on the API Announcements category and you'll probably get plenty of notice before E1 enters service.

1 Like

Yeah okay thanks all -- tl;dr seems to be that E1 as the default ain't happening anytime soon, and in case it happens before September I'll have some time to deal with it later on.

We're not (edit: currently) using ECDSA certificates, and I don't think ECDSA ends up being a relevant feature of E1 for this question. What's relevant is just that they haven't provided a cross-sign from E1 to the trust root that works on Android 7. So, leafs issued by E1 would not have been usable for me by swapping out anything in the chain and I was afraid I might need to ask for an alternative leaf certificate signed by X1 or R1.

1 Like

E1 only signs ECDSA certificates.

For RSA certificates, they will come from X3 and later from R3, both of which will have IdenTrust cross-signs available.

1 Like

Did you mean X3 and later R3?

1 Like