Has the first certificate been issued?


#1

Launch schedule has September 7th as the first issuance date… has that happened?


#2

Looks like it just happened:


#3

That or they completely forgot and my post reminded them… :wink:


#4

After adding the root certificate (at https://letsencrypt.org/certs/isrgrootx1.der) to my Mac’s keychain, the padlock at https://helloworld.letsencrypt.org/ turned green and my browser (Chrome) now reports:

The identity of this website has been verified by Let’s Encrypt Authority X1. No Certificate Transparency information was supplied by the server.

Your connection to helloworld.letsencrypt.org is encrypted using a modern cipher suite.

The connection uses TLS 1.2.

The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.

YEAH!


#5

Indeed, the 1st certificate is out, I guess :slight_smile:

Interesting, @schoen: SSL cipher / protocol config to disable TLS 1.0 https://www.ssllabs.com/ssltest/analyze.html?d=helloworld.letsencrypt.org&hideResults=on you knocked out support for a lot of browsers and OS clients?


#6

You are right, that is always surprising at first sight. But indeed that is pretty normal as soon as you restrict the connection to use only secure encryption methods. Unfortunately, there are already a lot of insecurities and many systems and browsers do not support the most secure methods.


#7

Yes, but right now (beta stage) that’s fine for testing / integration devs. It could be needed to allow TLS 1.0 and TLS 1.1 in addition to TLS 1.2 when going to the final release version. Note that even the FREE certs given by WoSign are already covering all of them (just SSL dropped by them, as could be logically expected).

EDIT-150915-1231CEST: Here you have an A+ ‘Handshake Simulation’ ssllabs report screenshot for one of my domains covered by a WoSign FREE cert. That will help you to compare with the one already provided by @eva2000


#8

Well, SSL cipher and protocol choice is left up to the end user to configure.

The reason I mentioned it for the 1st certificate issued above is that if you limit the number of older browsers that can connect, then for the purpose of showcasing the 1st certificate issued by LE, you’re limiting the number of folks who can actually preview LE’s 1st issued certificate!


#9

Exactly! That’s why I provided the picture to compare with… I hope this helps to improve it in the end.