0

With regard to Are there technical disadvantages in using free ssl certificates? it has been highlighted by some that StartSSL is not a trustworthy CA, and I was wondering if Let’s Encrypt is the same.

I have been looking at using ZeroSSL to obtain a Let’s Encrypt certificate but I cannot seem to find anything online about how they rate compared to paid CAs for DV certificates?

I am not asking about comparisons between DV certificates as asked in the proposed duplicate. I am asking about whether Let’s Encrypt is as trustworthy as say... Comodo or Verisign (scrubbed due to answer given).

StartSSL is not trusted, yet ZeroSSL says

Issued certificates are supported by all major browsers and operating systems

and I can’t find anything which backs this up

Chris Rogers
  • 285
  • 3
  • 10
  • 6
    I think this question is already discussed in [What makes Let's Encrypt secure?](https://security.stackexchange.com/questions/87443/what-makes-lets-encrypt-secure) ore [Are there any downsides to using Let's Encrypt for a website's SSL certificates?](https://security.stackexchange.com/questions/90972/are-there-any-downsides-to-using-lets-encrypt-for-a-websites-ssl-certificates). – Steffen Ullrich Jul 19 '18 at 07:37
  • 2
    It's interesting that you included Verisign in a trustworthy company list, given that it was part of Symantec, who have had a lot of issues over the last few years relating to SSL certificates. What do you consider "trustworthy"? – Matthew Jul 19 '18 at 07:55
  • I wasn’t aware of the issues Symantec and Verisign had, and due to their known history and long standing, I would have trusted certificates issued by them. I will possibly think differently now. – Chris Rogers Jul 19 '18 at 07:56
  • From the current browser PoV, Let’s Encrypt has a good track record of revoke malicious domain certificate. However, any site using Let’s Encrypt is always score badly in term of security. It is like self-fulfilling policies : sites that using Let's Encrypt are always short in man power to secure their site. In addition, it is cheap for attacker to use Let's Encrypt to gain trust from the user with the green `secure` indicator show by browser. – mootmoot Jul 19 '18 at 11:16

1 Answers1

3

From edits, I think you're trying to work out how Let's Encrypt certificates are trusted by browsers/OSes even though they're a new CA.

Essentially, they're trusted by older devices because their intermediate certificates (the ones they actually use to sign certificate requests) are signed by a known root certificate from another provider (IdenTrust) as well as by the Let's Encrypt root certificates. The IdenTrust root certificate is known to older devices, hence there is a chain of trust to a trusted root.

For newer devices, the Let's Encrypt root certificates are known as well, meaning that browsers which are aware of these certificates have multiple possible chains of trust to trusted root certificates - it can go site certificate->LE intermediate->IdenTrust or site certificate->LE intermediate->LE root.

In the case of StartSSL, the trust in the root certificate was revoked by browser and OS vendors due to various flaws in how the CA was handling certificate issuing. In theory, the same could happen to Let's Encrypt, but it could also happen to any other CA, if they're doing dubious things. For an example of a large CA having trust revoked, see Mozilla blog post on distrusting Symantec

Matthew
  • 27,263
  • 7
  • 89
  • 101
  • Wow. Reading the [damning report](https://wiki.mozilla.org/CA:Symantec_Issues) linked to the blog post linked, I can see why Symantec related certificates are no longer trusted. Thanks for such a detailed answer – Chris Rogers Jul 19 '18 at 08:18