When did letsencrypt start to distribute the DST signed intermediate CA, instead of the IdenTRust cross signed one?( false alarm)

Neilpang · February 25, 2019, 1:19pm

Hi all,

I just noticed that the intermediate CA cert is DST root signed now.
When did you stop distributing the previous IdenTrust crossing signed CA cert ?

Edit:
Never mind. false alarm.

Thanks.

_az · February 25, 2019, 1:38pm

IdenTrust == DST Root CA X3.

From Chain of Trust - Let's Encrypt ,

Specifically, IdenTrust has cross-signed our intermediate using their DST Root CA X3.

Neilpang · February 25, 2019, 1:52pm

Thanks. my eyes were broken.

cpu · February 25, 2019, 1:55pm

Haha. It happens! No harm done.

Neilpang · February 25, 2019, 1:58pm

hmm, Is there a timeline for you guys to start to use your own intemediate CA cert ?

cpu · February 25, 2019, 2:33pm

Nothing concrete that I'm aware of.

schoen · February 25, 2019, 5:09pm

Maybe we should make a tool that can process a list of user-agents and estimate what fraction of them would have accepted the ISRG root in their default vendor configuration.