Which TLS certificate authority is the most popular in terms of the number of certificates issued? Whose TLS certificate should you use?
What is a TLS Certificate Authority?
According to Wikipedia, in cryptography, a certificate authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate.
Therefore, those who issue certificates used in HTTPS are considered TLS certificate authorities.
TLS Certificate Authority Market Share
According to W3Techs, IdenTrust is used by 38.5% of all websites, which is a TLS certificate authority market share of 51.5%, as of May 15, 2020. The yearly market share trend for SSL certificate authorities shows that IdenTrust has grown exponentially from merely 0.3% in January 2016 to over half of the market in May 2020.
Who is IdenTrust?
IdenTrust, part of HID Global, is a leading provider of digital certificates for trusted identity solutions recognized by financial institutions, healthcare providers, government agencies and enterprises around the world. They were established in 1998.
Who is Let’s Encrypt?
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). To create a more secure and privacy-respecting Web, they give people the digital certificates they need to enable HTTPS (TLS) for websites for free. They were launched in December 2015.
Let’s Encrypt Intermediate Certificates Cross-Signed By Identrust
Under normal circumstances, certificates issued by Let’s Encrypt will come from “Let’s Encrypt Authority X3”. The intermediate “Let’s Encrypt Authority X3” represents a single public/private key pair. The private key of that pair generates the signature for all end-entity certificates, i.e. the certificates Let’s Encrypt issues for use on users’ servers.
The intermediate is cross-signed by IdenTrust’s “DST Root CA X3” (now called “TrustID X3 Root”) for additional client compatibility. The IdenTrust root has been around longer and thus has better compatibility with older devices and operating systems (e.g. Windows XP).
When configuring a web server, the server operator configures not only the end-entity certificate, but also a list of intermediates to help browsers verify that the end-entity certificate has a trust chain leading to a trusted root certificate. Almost all server operators will choose to serve a chain including the intermediate certificate with Subject “Let’s Encrypt Authority X3” and Issuer “DST Root CA X3”. The recommended Let’s Encrypt software, Certbot, handles this configuration seamlessly.
Let’s Encrypt Milestones and Statistics
In June of 2017, approximately 58% of page loads used HTTPS globally, and 64% in the United States. In February of 2020, 81% of page loads used HTTPS globally, and 91% in the United States! This is an incredible achievement. That is a lot more privacy and security for everybody thanks to open source!
In June of 2017 Let’s Encrypt was serving approximately 46M websites with 11 full time staff and an annual budget of $2.61M. In February of 2020, they serve nearly 192M websites with 13 full time staff and an annual budget of approximately $3.35M.
TLS Certificate Authority Market Share Myth
It is no coincidence that Let’s Encrypt was launched in December 2015 and that IdenTrust has grown exponentially from merely 0.3% in January 2016 to over half of the market in May 2020. Almost all Let’s Encrypt sites serve a chain whose intermediate is issued by IdenTrust’s “DST Root CA X3”, so it is plainly obvious that Let’s Encrypt has contributed to IdenTrust’s exponential growth in market share.
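The effect of the cross-signed chain on a per-CA tally can be reproduced with the added example below (not code from the original article or from W3Techs): it parses chain summaries in the format printed by `openssl s_client -showcerts` and counts each site once by the CA that issued its certificate and once by the root its served chain leads to. The hostnames and the “Example” CA are constructed, and chaining is checked by name only, not by signature.

```python
import re
from collections import Counter

# Constructed samples (made-up hosts, made-up "Example" CA), s_client summary format.
LE_CHAIN = """\
 0 s:CN = {host}
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
"""
OTHER_CHAIN = """\
 0 s:CN = {host}
   i:O = Example CA Inc, CN = Example Issuing CA
 1 s:O = Example CA Inc, CN = Example Issuing CA
   i:O = Example CA Inc, CN = Example Root CA
"""
SAMPLES = [LE_CHAIN.format(host="a.example"), LE_CHAIN.format(host="b.example"),
           OTHER_CHAIN.format(host="c.example")]
FIELD = re.compile(r"^\s*(?:\d+\s+)?([si]):(.*)$")

def common_name(dn):
    m = re.search(r"CN\s*=\s*([^,/]+)", dn)
    return m.group(1).strip() if m else dn.strip()

def parse_chain(text):
    """Return [(subject CN, issuer CN), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "s":
            subject = common_name(m.group(2))
        elif m and subject is not None:
            chain.append((subject, common_name(m.group(2))))
            subject = None
    return chain

def attribute(chain):
    """Return (CA that issued the leaf, root the served chain leads to)."""
    if not chain:
        raise ValueError("no certificates in chain")
    # Name chaining only: each issuer must be the next subject. No signature check.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            raise ValueError(f"chain break: {issuer!r} != {next_subject!r}")
    return chain[0][1], chain[-1][1]

def market_share(samples):
    """Tally the same sites two ways: by issuing CA and by root of the served chain."""
    pairs = [attribute(parse_chain(text)) for text in samples]
    return Counter(i for i, _ in pairs), Counter(r for _, r in pairs)
```

On the constructed samples, the two Let’s Encrypt sites are counted for “Let’s Encrypt Authority X3” in the first tally and for “DST Root CA X3” in the second.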
In summary, Let’s Encrypt is the largest TLS certificate authority in the world thanks to its open source nature. This makes it easier to have HTTPS encrypted websites.
More and more vendors provide managed TLS service using Let’s Encrypt TLS certificates simply because Let’s Encrypt is the most popular and user-friendly in the world.