WoSign & StartCom - Game Over


(Alex Conner) #1

If you receive a certificate from one of these two CAs after October 21, 2016, your certificate will not validate in Mozilla products such as Firefox 51 and later, until these CAs provide new root certificates with different Subject Distinguished Names, and you manually import the root certificate that your certificate chains up to. Consumers of your website will also have to manually import the new root certificate until it is included by default in Mozilla’s root store.

Distrusting new WoSign and StartCom Certificates - Mozilla

Looks like it’s game over for WoSign and StartCom. With Chrome’s mandatory certificate transparency this is probably not the last CA to get blacklisted as these sorts of things won’t go un-noticed.


(Stephen Simpson) #2

So far Lets Encrypt has yet to disappoint!


(Alex Conner) #3

And Google joins in…