Google to Ban WoSign and StartCom Certificates

Following in the footsteps of Mozilla and Apple, Google is going to be removing all trust for WoSign and StartCom Certificates with Chrome 61 (current  version is 59) as well as Android browser. Mozilla has been very aggressive in enforcing their Mozilla’s CA Certificate Policy as was the case in April 2015 with the Firefox 37.0.1 release which Mozilla banned China Internet Network Information Center (CNNIC) issued Certificates. Once again another China based CA has ‘misbehaved’:

About a year ago, Mozilla uncovered that a Chinese Certificate Authority (CA) called WoSign had a number of technical and management failures, which included bypassing previous restrictions by browser vendors on distributing SHA-1 certificates.

The browser vendors had previously agreed not to accept SHA-1 certificates that were issued after January 2016. However, WoSign backdated its certificates so it could continue to issue SHA-1 certificates that would still be supported by the browsers (for legacy reasons).

Mozilla also found out that WoSign had secretly acquired a smaller CA, StartCom, which was against its CA policies.

via Tom’s Hardware