It must be a milestone - Let's Encrypt secures the bulk of US administration ... with one certificate

If you’ve ever wondered what could be the value of a single Let’s Encrypt certificate.

Needed an screenshot for a demo … and picked whitehouse.gov It could be the first LE cert as the issuer has changed recently.

(my laptop is too small to show all the domain names - and the screenshot looks best)

1 Like

I think whitehose.gov uses DigiCert not let’s encrypt based on the certificate path root

that’s true for the main web domain. But there are some pretty chunky gateways for subdomains using Let’s Encrypt.

What struck me was the risk of compromising a single private key. Just in a narrow sense of phishing, it would allow you to launch phishing attacks targeting users of many US gov departments.

… but I was told that that is a common network configuration. So nothing to worry about, really, I’m just imagining things. :slight_smile:

It’s true it’s usually a bad practice to use the same private key on different server, but, it that specific case, you notice that all domains are about “search”, so they most probably all points to the same server with the search software installed :slightly_smiling_face:

they don’t but hey, IP addresses can change within seconds/minutes. But you have scores of domains that can all be compromised in one strike. :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.