The Mozilla-backed Let's Encrypt effort is moving out of its vapourware phase, announcing general availability for September 2015 and an intention to issue its first certificate in the week of July 27.
Launched last year by Mozilla, the Electronic Frontier Foundation (EFF) and Cisco, Let's Encrypt's aim is to create no-charge SSL certs in aid of the HTTPS-everywhere cause.
At the time, the group write that “For many server operators, getting even a basic server certificate is just too much of a hassle. The application process can be confusing. It usually costs money. It’s tricky to install correctly. It’s a pain to update.”
The timing is important, since Mozilla earlier this month announced to the world its intention to deprecate start a kind of rolling degradation of sites that don't move to HTTPS.
At that time, The Register noted: “Perhaps Let's Encrypt will be just that and solve two of the three problems with the transition to a secure web”.
Let's Encrypt says its first certs will be issued “under tightly controlled circumstances”.
“No cross-signature will be in place yet, so the certificates will not validate unless our root is installed in client software. As we approach general availability we will issue more and more certificates, but only for a pre-approved set of domains.”
Its reasoning is that the certificates have to be “secure, compliant, and scalable” before the system goes G/A.
When that happens – due in the week of September 14 – the group says an IdenTrust cross-signature will be in place so that its certs will validate automatically for most users. ®