One of the fundamental principles of online security is that communication must be as secure as possible. The first and easiest step to ensure that is to make sure that communication is encrypted so that it is extremely difficult to intercept sent and received data. That is why all websites are nowadays published under the HTTPS protocol (HTTP over SSL/TLS). Furthermore, two years ago Google announced that they were planning to ‘reward’ those pages using encrypted HTTPS connections. In short, if you are in charge of a web project without an SSL certificate, you’d better finish reading this quickly and get down to work.
Apart from this, a certificate is also needed. It must be issued by a trustworthy certificate authority. This certificate is used for encryption and it is required to uniquely identify your domain, which will guarantee clients that encryption is reliable. Depending on the authority, these certificates may be expensive. However, there is a project aiming to put an end to this: welcome to ‘Let’s Encrypt!’, the first free, automated and open certificate authority.
This project is led by the Internet Security Research Group (ISRG) and it is supported by influential entities, such as Mozilla, Cisco, Google or Facebook.
Although only a beta version is available for now, at eHidra we are looking forward to starting to renew our certificates with them. The fact that the certificates are free, although advantageous, isn’t the only reason. They have introduced a new concept which seems really interesting to us: certificates with ninety-day lifetimes (instead of those certificates lasting one or more years that we are used to). What does it mean? Encryption keys are gradually updated. To this end, automated update systems must be implemented. This may be a hassle, but it will make everything easier in the long run and communication more secure.