I’ve seen the first certificate has just been released in helloworld.letsencrypt.org. I see right now it is needed to perform some actions (add the ISRG root certificate) in order to have it working on browsers. I understand this won’t be needed once browsers accept this certificate as a trusted authority. So far so good.
But I do have one doubt for another use (not browsers); regardless of browsers trusting let’s encrypt or whenever that happens, if I were to use this certificate for a REST api, could I do it without any problems? To give some context, I develop android applications and I have REST apis for many of them. One problem I’ve had is securing important calls with private information (like /login). My solution so far has been to obfuscate sensitive data, but I’ve read that if I use https:// schema the data is encrypted and sniffers like wireshark cannot read it.
Is this reasoning correct? Or should I mark this as “trusted” somewhere in the Android app? As you can tell I know next to nothing about this certificates.
Cheers and thanks for helping :).