Now, Let’s Encrypt has achieved big popularity just by issuing 1 million free Transport Layer Security (TLS)/SSL Certificates to webmasters who wants to secure their communications between their users and websites.
Let’s Encrypt is basically operated by the Internet Security Research Group (ISRG) which is open source and absolutely free certificate authority recognized by all widely used web browsers, including Safari, Internet Explorer, Mozilla Firefox and Google’s Chrome. It launched its beta version of the services about 3 months ago and the grouped has crossed more than 1 Million certificates in use across the Web, it stated in a blog post by Let’s Encrypt on Tuesday. Anyone can obtain Let’s Encrypt Free SSL/TL) certificates for their web servers.
Backed by companies including Mozilla, Akamai and EFF, the Let’s Encrypt project has started offering Free HTTPS certificates to everyone from last December. The Let’s Encrypt cert are configured with cross-signatures from SSL certificate provider IdenTrust, making its free certificate trustworthy so that users can surf the web more securely on the Internet.
Why to install Let’s Encrypt?
Let’s Encrypt promised to offer a certificate authority which is:
- Open Source: The automatic issuance, as well as its update will be published as Let’s Encrypt is a open standard.
- Secure: It secure the users connection with the server.
- Freeware: No charge for HTTPS certificates.
- Transparent: The records of all certificates issuance or revocation will be published publicly.
- Cooperative – Let’s Encrypt is managed by a several-stakeholder organization and exists to benefit the group of community, not for any individual consortium members.
- Automatic: The installation, configuration and renewal of the certificates never require any administrator action.
Easy way to install Let’s Encrypt Free SSL Certificate
At first, let’s say you want to download a certificate for test.com. To execute the installation steps, you must login as a root to your test.com web server. First download Let’s Encrypt SSL Certificate and follow these steps for the installation of Let’s Encrypt Free SSL certificate:
Step 1: Login to your ‘test.com’ web server using SSH with root access.
Step 2: Enter the below mentioned command to install the Git version control system,
apt-get install git
Step 3: Then download and install the latest version of Let’s Encrypt Client application, then type the following commands:
git clone https://github.com/letsencrypt/letsencrypt
Step 4: Once the installation begin, hit Enter key to accept the agreement.
Step 5: Then tap Enter to specify the server name manually in the text box (for example, www.test.com) and then hit Enter.
Step 6: Next, enter your email address, where you want to receive messages from Let’s Encrypt and to recover lost keys, and then hit Enter key.
Step 7: Read the ‘Terms of Service,’ and then tap Enter to generate and install the SSL certificate.
Once Let’s Encrypt get installed successfully, you’ll receive a ‘Congratulation’ message.
FREE HTTPS Certificates For All Computer Users
The time came to secure your internet in terms of security and privacy. With the installation of Let’s Encrypt, your activities on the web becomes more reliable easy to manage webpage.
The developing team has written in a blog that “There’s a reward going for a person who can find a security hole in the service”. From our side it cover all the security loop wholes before dropping the beta version, specially based on the client experience.
“Automation is a base of our strategy, and we need to insure that the client works smoothly and reliably on a wide range of platforms. We’ll focusing on the feedback from our users closely, so that we can make improve it as quickly as possible.”
Let’s Encrypt had signed its first free HTTPS cert in September, and its client application emerged in early November. Since then the developing team has been searching flaws in their systems before going public.
About Let’s Encrypt its first free HTTPS Certificates
The non-profit foundation Electronic Frontier Foundation (EFF) has launched an initiative called Let’s Encrypt which aimed of providing Free Digital Cryptographic Cert (TLS) to any websites that require them.
Let’s Encrypt is a free automated Open-source CA (Certificate Authority) which has signed its first certificate, hitting what it calls a major tool to encrypt all of the websites. It enables users to protect their visited sites with free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates which encrypt all the data transfer between a users and website. Let’s Encrypt is not only free but the initiative also makes HTTPS implementation easier for any websites or e-commerce sites owner in order to provide data security of their valuable customer.
How hackers are using Let’s Encrypt Free SSL Certificate on malicious websites?
It is clear that earlier Let’s Encrypt free HTTPS certificates would not just help genuine website operators to encrypt its users data over the web, but also help hackers to bother credulous users with malware through secure websites.
As, Let’s Encrypt allows anyone to obtain Free SSL/TLS certificate for their web servers to encrypt all the web traffic passed between a server and computer users. Though, Let’s Encrypt is compatible with all popular internet browsers, including Mozilla Firefox, Google’s Chrome and Microsoft’s Internet Explorer.
From last month, the organization started offering Free HTTPS certs to everyone, month, and it is quite easy for anyone to set up an HTTPS website in a few simple way. However, Let’s Encrypt free SSL certificates are not only used by legitimate website owners to secure its users connection but also abused by cyber criminals to distribute malware onto maximum number of computers.
Researchers spotted that hackers installing banking malware on computers using free SSL certificates issued by the Let’s Encrypt to hide its malicious web traffic.
Malvertising is a methods of using Web ads to distribute malware. By silently injecting malicious advertisements on genuine websites, malware authors can root users to malicious websites to deliver malware payload with the help of an exploit kit.
The malware author buy the pilfer SSL certs from the underground market and deploy them in their malicious advertising campaigns. Fortunately, these certs are eventually caught up and invalidate by their legitimate owners.
Read more at: http://thehackernews.com/2015/09/free-ssl-certificate.html