If you are still using an old Android phone that runs Android version 7.1 or lower then you may need to upgrade. This is because soon you will be unable to browse the internet smoothly on your phone due to compatibility issues. One of the leading certificate authorities–Let’s Encrypt– has announced that its partnership with Certificate Authority IdenTrust which cross-signed Let’s Encrypt’s certificates is going to expire on September 1, 2021.
So, why is it a problem? Let’s Encrypt was launched five years ago and they relied on its partnership with IdenTrust for cross signature. “When a new Certificate Authority (CA) comes on the scene, it faces a conundrum: In order to be useful to people, it needs its root certificate to be trusted by a wide variety of operating systems (OSes) and browsers,” the firm explained in a blog post.
But operating systems and internet browsers take years “to accept the new root certificate”. The common solution: a new CA will often ask an existing, trusted CA for a cross-signature, to quickly get it into being trusted by lots of devices, added the company. This is why the partnership is important.
Now, in a span of five years, Let’s Encrypt has become a major player and its certificates are used by around 30% of all web domains, as per Android Police.
The ISRG Root X1 certificate by Let’s Encrypt got cross signed by IdenTrust’s DST Root X3 root certificate for all the while. “Now, those software platforms have trusted our root certificate for years. And the DST Root X3 root certificate that we relied on to get us off the ground is going to expire – on September 1, 2021. Fortunately, we’re ready to stand on our own, and rely solely on our own root certificate,” it added.
The problem is some software that hasn’t been updated since 2016 still doesn’t support the ISRG Root X1. This includes versions of Android prior to 7.1.1. “That means those older versions of Android will no longer trust certificates issued by Let’s Encrypt,” it said.
As the old device will not trust certificates, web domains using ISRG Root X1 will not be compatible on devices running older Android versions and you will not be able to load them.
There’s one quick fix that may solve the problem for old Android phone users. Installing Firefox Mobile, which supports Android 5.0 and above, may help in solving the problem but not for too long.
“For an Android phone’s built-in browser, the list of trusted root certificates comes from the operating system – which is out of date on these older phones. However, Firefox is currently unique among browsers – it ships with its own list of trusted root certificates. So anyone who installs the latest Firefox version gets the benefit of an up-to-date list of trusted certificate authorities, even if their operating system is out of date,” it explained.