Home > Uncategorized > #Startcom #SSL certs no longer valid in Chrome 58 & Firefox

#Startcom #SSL certs no longer valid in Chrome 58 & Firefox

startcom

StartCom was a popular SSL cert issuer before the days of LetsEncrypt, as it was one of the few providers that offered SSL certs for free, and thus was very popular. However, after failing to play ball with Mozilla, and were using the obsolete Hashing cypher SHA-1.

This means, if you have an SSL cert issued by StartCom, then you better get a new cert quickly. I personally recommend LetsEncrypt, since it’s free, but others are available. – Otherwise Google Chrome, and Firefox will say your website is insecure.

Mozilla’s official word is:

Mozilla has discovered that a Certificate Authority (CA) called WoSign has had a number of technical and management failures. Most seriously, we discovered they were backdating SSL certificates in order to get around the deadline that CAs stop issuing SHA-1 SSL certificates by January 1, 2016. Additionally, Mozilla discovered that WoSign had acquired full ownership of another CA called StartCom and failed to disclose this, as required by Mozilla policy. The representatives of WoSign and StartCom denied and continued to deny both of these allegations until sufficient data was collected to demonstrate that both allegations were correct. The levels of deception demonstrated by representatives of the combined company have led to Mozilla’s decision to distrust future certificates chaining up to the currently-included WoSign and StartCom root certificates.

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: