add lets encrypt R3 as trusted root certificates

New Contributor

when is the roadmap to add lets encrypt R3 and E1 as trusted root certificates

I am receiving certificate not valid for newly generated certificates from LetsEncrypt in Edge browser. I don't receive the same error in Chrome

4 Replies

@vairakkumarHF Hello!  I'm currently not aware of any issues with Let's Encrypt and Microsoft Edge.  Is there any more information you can provide?  Is there a website we can test that will reproduce the issue?  Thanks! 

 

-Kelly 

@Kelly_Y 

Don't know what the problem was, it is no longer occurring in Microsoft Edge and it is displaying the certificate path accurately.

Thanks

 

@Kelly_Y 

This intermediate CA cert from LE is not found:

DST Root CA X3
 - R3 (

CN = R3
O = Let's Encrypt
C = US

)

 

whereas the following is found:

DST Root CA X3

- Let's Encrypt Authority X3 (

CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US

)

So, it appears that it displays untrusted certificate that is a leaf issued based on R3.

 

 

@vairakkumarHF For clarity, on Windows today, both Microsoft Chrome and Microsoft Edge defer certificate trust decisions to the Windows Trusted Root Store; if Chrome trusts the cert, so will Edge, and vice-versa.

 

For debugging certificate trust issues, sharing the full built-chain is very helpful; https://textslashplain.com/2017/03/30/get-help-with-https-problems/