June 5, 2015

Let's Encrypt Issues Root and Intermediate Certificates

The keys and certificates that will underlie Letâs Encrypt have been generated. This was done during a key ceremony at a secure facility today. The following objects were created:


  • Key pair and self-signed cert for the ISRG root
  • Key pair and certificate for the ISRG rootâs OCSP
  • Key pairs and certificates for two Letâs Encrypt intermediate CAs
  • CRL under the ISRG root showing that the Letâs Encrypt intermediates have not been revoked.


The certificates over the public keys, of course, can be made public:



Letâs Encrypt will issue certificates to subscribers from its intermediate CAs, allowing us to keep our root CA safely offline. IdenTrust will cross-sign our intermediates. This will allow our end certificates to be accepted by all major browsers while we propagate our own root.

Read more at the Let's Encrypt Blog.

Click Here!