Let's Encrypt: Certificate solution for old Android versions presented
Source: Heise.de, added 23 December 2020

In mid-November 2020 the certificate authority (CA) Let's Encrypt warned of the expiry of the IdenTrust root certificate with which its own free X.509 certificates are cross-signed. Instead of solving the problem with a new cross-signature, the CA intended to rely entirely on its own root certificate ISRG Root X1 in the future, for the sake of greater independence.
For Android devices running versions older than 7.1.1 this would have meant that apps and the built-in browser could no longer connect to servers using Let's Encrypt certificates, at least not without manual workarounds, because on these versions Let's Encrypt's own root certificate is not contained in the system's root certificate store. From the start of the switch to ISRG Root X1 on 11 January 2021, error messages would have rained down when browsing many websites, unless the server operator explicitly requested the alternative chain, which continues to lead to IdenTrust's previous root "DST Root X3" until that root expires in September 2021.
A comprehensive solution to the problem was initially lacking. But now Let's Encrypt has persuaded IdenTrust to continue acting as a superordinate certificate authority and to cross-sign the new root certificate ISRG Root X1 for another three years. According to a current blog entry by Let's Encrypt, the compatibility problems feared for January will therefore not materialise.
DST Root X3 long-term as a trust anchor
Already when Let's Encrypt was founded almost five years ago, IdenTrust stepped in as a partner with its DST Root X3 root certificate, because that root was already established in the leading web browsers as well as in Windows, Mac OS X, iOS and Android. The cross-signature ensured that these systems and browsers trusted Let's Encrypt from the start, at a time when its own root certificate ISRG Root X1 was still largely unknown.
Current browsers and systems have long known ISRG Root X1, but old Android versions, whose certificate store Google can no longer update, simply do not. Let's Encrypt will therefore continue to provide a certificate chain in which its own ISRG Root X1 is cross-signed by IdenTrust's DST Root X3.
Since DST Root X3 expires on 30 September 2021, this is an unusual step, as Let's Encrypt itself notes. As a trust anchor it is nonetheless not worthless: Android does not check the expiry date of the root certificates in its own trust store, so they remain valid there indefinitely. Other operating systems and browsers ignore the cross-signed certificate because of its issuer's expiry, but are satisfied with the ISRG Root X1 they already have in their store.
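The two behaviours described above (old Android accepting an expired anchor, modern platforms stopping at ISRG Root X1 and never evaluating DST Root X3) come down to how a client builds a path from the leaf certificate to a trust anchor. The following is an added illustration, not code from Let's Encrypt or from Heise: a deliberately simplified path builder over certificate-like records. The certificate names and the root and cross-sign expiry dates match the publicly documented values; the leaf certificate, its validity period and the two trust stores are constructed for the example, and signature checking, name constraints and key usage are left out entirely.

```python
"""Simplified X.509 path building, modelled on the Let's Encrypt chain.

Added illustration (not Let's Encrypt or Heise code). Real X.509 path
validation also verifies signatures, key usage, name constraints, etc.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: date


# Constructed sample of the chain a server sends after the switch:
# leaf -> R3 -> ISRG Root X1 (cross-signed by DST Root X3)
LEAF = Cert("example.org", "R3", date(2021, 12, 31))   # constructed; real leafs live 90 days
R3 = Cert("R3", "ISRG Root X1", date(2025, 9, 15))
ISRG_X1_CROSS = Cert("ISRG Root X1", "DST Root X3", date(2024, 9, 30))
SERVER_CHAIN = [LEAF, R3, ISRG_X1_CROSS]

# Trust anchors of two client populations (constructed stores)
DST_ROOT_X3 = Cert("DST Root X3", "DST Root X3", date(2021, 9, 30))
ISRG_ROOT_X1 = Cert("ISRG Root X1", "ISRG Root X1", date(2035, 6, 4))
OLD_ANDROID_STORE = [DST_ROOT_X3]             # Android < 7.1.1: no ISRG Root X1
MODERN_STORE = [DST_ROOT_X3, ISRG_ROOT_X1]    # current browsers and OSes

BEFORE_EXPIRY = date(2021, 2, 1)   # after the chain switch, before DST Root X3 expires
AFTER_EXPIRY = date(2021, 10, 15)  # after DST Root X3 has expired


def build_path(chain, store, today, ignore_anchor_expiry):
    """Return the path leaf..anchor, or None if no valid path exists.

    ignore_anchor_expiry=True models Android, which does not enforce
    notAfter on certificates in its own trust store. Leaf and
    intermediate expiry is always enforced.
    """
    path = [chain[0]]
    while True:
        current = path[-1]
        if current.not_after < today:
            return None  # expired leaf or intermediate: fatal on every platform
        # A trust anchor matching the issuer ends the path; the client
        # never looks at further certificates the server sent.
        anchors = [c for c in store if c.subject == current.issuer]
        usable = [a for a in anchors if ignore_anchor_expiry or a.not_after >= today]
        if usable:
            return path + [usable[0]]
        if anchors:
            return None  # only an expired anchor is available
        # Otherwise continue with the next certificate from the server chain
        nxt = [c for c in chain if c.subject == current.issuer and c not in path]
        if not nxt:
            return None
        path.append(nxt[0])


def simulate(today):
    """Which client populations can validate the chain on a given day."""
    return {
        "old_android": build_path(SERVER_CHAIN, OLD_ANDROID_STORE, today, True) is not None,
        "modern": build_path(SERVER_CHAIN, MODERN_STORE, today, False) is not None,
        # The January scenario the article feared: no cross-signed cert in the chain
        "old_android_without_cross_sign":
            build_path(SERVER_CHAIN[:2], OLD_ANDROID_STORE, today, True) is not None,
        # A hypothetical old client that DID enforce anchor expiry
        "old_store_enforcing_expiry":
            build_path(SERVER_CHAIN, OLD_ANDROID_STORE, today, False) is not None,
    }


if __name__ == "__main__":
    for day in (BEFORE_EXPIRY, AFTER_EXPIRY):
        print(day, simulate(day))
    print([c.subject for c in build_path(SERVER_CHAIN, MODERN_STORE, AFTER_EXPIRY, False)])
```

Running it shows that a modern store builds the three-certificate path ending in its own ISRG Root X1 on both dates, that the old Android store needs the cross-signed certificate in the server's chain at all, and that after 30 September 2021 the old store only succeeds because anchor expiry is not enforced.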
But not complete independence
The ISRG (Internet Security Research Group), the consortium behind Let's Encrypt, and IdenTrust have obtained confirmation from their auditors that this procedure continues to comply with the guidelines of the CA/Browser Forum. That body, an association of CAs, browser vendors and software companies, oversees the issuance practices for publicly trusted X.509 certificates.
For IdenTrust, this step means continuing to share part of the responsibility for Let's Encrypt. For the free provider, a dependency remains from which Let's Encrypt had actually wanted to free itself, according to its now updated statement. The need to keep serving the older Android versions, which are still in widespread use, ultimately outweighed the desired independence via its own root certificate.
Longer term, longer certificate chain
The switch to the new, backward-compatible certificate chain as the default, originally planned for 11 January 2021, will now take place in late January or early February 2021.
The new certificate chain with two intermediate certificates (centre) still contains IdenTrust's DST Root X3 as the cross-signing root for old Android versions.
(Image: letsencrypt.org)
Nothing changes for server operators and visitors, and no action is required beyond the usual certificate renewal with one of the Let's Encrypt clients. The provider does point out, however, that the client in use must be up to date so that it speaks the current version of ACME (Automatic Certificate Management Environment), the protocol used for domain validation. As its official client, Let's Encrypt offers its own Certbot, written in Python, but it also maintains a list of compatible clients in other languages.
For connections to servers and services using Let's Encrypt certificates, the longer chain with the additional intermediate certificate means slightly more work in the TLS handshake, since the server now presents two intermediate certificates alongside the leaf. Let's Encrypt wants to make the handshake more efficient again and is therefore planning ECDSA-based root and intermediate certificates for the coming year, which will be significantly smaller than the previous RSA-based certificates. (ovw)