WoSign no longer trusted as a CA
July 10, 2017
Shah Sheikh (1294 articles)

WoSign no longer trusted as a CA

Starting with Chrome 61, Google has declared that it will no longer trust the Chinese certificate authority named WoSign therefore any website that is currently using them for certificates need to prepare for a transition. The phase out began with Chrome 56, where only certificates prior to October 21st, 2016 are being trusted. Subsequently, the whitelist restricted trust within the Alexa top 1 million websites.

The reasons that were stated are due to multiple factors. WoSign and its subsidiary StartCom were violating numerous established industry baseline requirements set by the CA/Browser Forum such as miss-issuing free certificates, failure to report its acquisition of StartCom, and back dating deprecated certificates (SHA-1). Not only did Google stop trusting WoSign, but Mozilla as well have lost faith in them and stated that they will no longer trust any certificate newly issued by WoSign. On the other hand, Apple were the first to just outright block WoSign certificates stating that they lacked “multiple control failures”

Source: threatpost