Most networks now use HTTPS To safely transmit information , It's thanks to Google's push . However , It also means that , If you do not have the appropriate certificate installed on your device , Many websites may have problems browsing , Or it's completely impossible to load the page . The terrible thing is that , Next year, it will happen on devices that install older versions of Android systems .
Let's Encrypt announce , One of the services used by IdenTrust The root certificate provided will be on 2021 year 9 month 1 Due day .Let's Encrypt Use your own name as ISRG Root X1 The root certificate of is ready for expiration , Although it is supported on many devices , But there is a problem :「 because Android System update is slow , Millions run Android7.1.1 The following versions of the device will not work Let's Encrypt Certificate link website .」
Let's Encrypt Is the world's leading certification authority (CA), The group's certificate is approximately 30% The domain name of the website uses . The agency applied for its own at the beginning of its establishment ISRG Root X1 Root certificate , Let all browsers and operating systems be included in .
Here we briefly introduce what the trust problem the certificate solves ?
To borrow an example from the Internet : If you work for X company , The boss asked you to visit A The boss of the company talks about business , Now you go straight to , Maybe the front desk will block you , Because no one knows you , What to do with that ? Have you found C Company and A The company has a close business relationship , You are right about C Companies are familiar with , You go to find C The boss of the company wrote you an introduction letter and put it on C Company seal , Then you take the letter of introduction A company , Give the introduction letter to the front desk , The front desk saw C The company's Chapter trusts you , I asked you to visit . A certificate is a letter of introduction , Solve the problem of trust by seal .
before Let's Encrypt All certificates are related to IdenTrust( A certification authority ) Of DST Root X3 Root certificate cross sign , The certificate is already in Windows、macOS、Android And most other software platforms have been used for years .
but Let's Encrypt And IdenTrust The partnership will be in 2021 year 9 month 1 Due day ,IdenTrust It is not intended to sign a cross signature agreement again . It means , All without Let's Encrypt The browser and operating system of the root certificate will no longer be able to work with the websites and services using the Group Certificate .
Although the agreement is due to be next year 9 End of month , But by default , Encryption will be from 2021 year 1 month 11 Stop cross signing on . For sites and services , The option will still exist , To continue to generate cross signed certificates , But only until 9 month 1 Japan .
Old edition Android The only solution to the device is to install Firefox browser , The browser uses its own include ISRG The root certificate store . however , This does not prevent application and other features outside the browser from being corrupted .
