By now, just about everyone is aware of the importance SSL certificates play in keeping data away from prying eyes on the web. After some scares in recent years, it has thankfully become the standard, and according to Google’s latest statistics, more than 95 percent of the traffic passing through its network is encrypted.
Unfortunately, if you have an older Android device, there’s a fly in the ointment you should be aware of. As of September 1, 2021, a partnership between Let’s Encrypt and IdenTrust is coming to an end. These are just two of a number of encryption authorities on the web, and the end of their partnership is more important than you might think.
Let’s Encrypt only came into being in 2015. In order to gain traction early on, they entered into a partnership with IdenTrust and issued ‘cross-signed’ certificates. Starting on September 1, 2021, the cross-signing feature goes away.
Older platforms, and software that hasn’t been updated since 2016 will see certificate compatibility issues because those systems don’t trust Let’s Encrypt’s root certificate (ISRG Root X1). For Android users, this includes any device running a version older than 7.1.1. Those devices won’t trust a Let’s Encrypt certificate that isn’t cross-signed, because they don’t know they’re supposed to.
According to Google, this is going to impact roughly 34 percent of all Android devices in use today, so it sounds like it’s going to be a major issue. The good news though, is that there’s a relatively simple fix.
Just download and install Mozilla’s Firefox browser on these devices and you’ll avoid the issue entirely because Firefox uses its own root certificate list to validate sites. Even better, between now and then, you can be sure that other browsers will jump on the bandwagon and offer a painless workaround. Still, it’s far better to know what lies ahead than to be taken by surprise.