The keys and certificates that will underlie Letâs Encrypt have been generated. This was done during a key ceremony at a secure facility today. The following objects were created:
- Key pair and self-signed cert for the ISRG root
- Key pair and certificate for the ISRG rootâs OCSP
- Key pairs and certificates for two Letâs Encrypt intermediate CAs
- CRL under the ISRG root showing that the Letâs Encrypt intermediates have not been revoked.
The certificates over the public keys, of course, can be made public:
- ISRG Root X1 Certificate
- Letâs Encrypt Intermediate X1 CA Certificate
- Letâs Encrypt Intermediate X2 CA Certificate
Letâs Encrypt will issue certificates to subscribers from its intermediate CAs, allowing us to keep our root CA safely offline. IdenTrust will cross-sign our intermediates. This will allow our end certificates to be accepted by all major browsers while we propagate our own root.
Read more at the Let's Encrypt Blog.