Google drops the boom on WoSign, StartCom certs for good

  • 21 July 2017
  • 0 replies
  • 124 views

Userlevel 7
Badge +54

Citing “certificate misissuance,” Google to expire all certs from offenders by September.

 


 
Sean Gallagher 2oth July 2017
 
Last August, after being alerted by GitHub's security team that the certificate authority WoSign had errantly issued a certificate for a GitHub domain to someone other than GitHub, Google began an investigation in collaboration with the Mozilla Foundation and a group of security professionals into the company's certificate issuance practices. The investigation uncovered a pattern of bad practices at WoSign and its subsidiary StartCom dating back to the spring of 2015. As a result, Google moved last October to begin distrusting new certificates issued by the two companies, stating "Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome."
 
Full Article.

0 replies

Be the first to reply!

Reply