When did letsencrypt start to distribute the DST signed intermediate CA, instead of the IdenTRust cross signed one?( false alarm)


#1

@cpu @schoen

Hi all,

I just noticed that the intermediate CA cert is DST root signed now.
When did you stop distributing the previous IdenTrust crossing signed CA cert ?

Edit:
Never mind. false alarm.

Thanks.


#2

IdenTrust == DST Root CA X3.

From https://letsencrypt.org/certificates/ ,

Specifically, IdenTrust has cross-signed our intermediate using their DST Root CA X3.


#3

Thanks. my eyes were broken.


#4

Haha. It happens! :slight_smile: No harm done.


#5

hmm, Is there a timeline for you guys to start to use your own intemediate CA cert ?


#6

Nothing concrete that I’m aware of.


#7

Maybe we should make a tool that can process a list of user-agents and estimate what fraction of them would have accepted the ISRG root in their default vendor configuration.