Mozilla bans Chinese WoSign – Firefox no longer trusts their SSL-certificates


Starting in January, any site that uses the new certificate from the Chinese CA WoSign will have a problem with Firefox users. The Mozilla, the company that is responsible for the creation of Firefox, announced that it will block all new certificates issued by WoSign and StartCom, the Israeli center, which was recently acquired by a Chinese company.

Before this step, Mozilla released a report accusing WoSign to issue certificates backdated to bypass all the industry’s efforts to renounce the HTTPS certificate signed outdated algorithm SHA-1. CAs as WoSign, should not issue the SHA-1 certificates on 1 January this year. WoSign retrospectively issued certificates, which were signed as if they were issued in December 2015.

Mozilla suggested last month ban for 1 year of all new certificates issued by WoSign, but did not speak about the date of the introduction of this ban. Despite all the efforts from WoSign, the ban was still made. Mozilla has decided not to trust certificates WoSign and StartCom, issued after 21 October. This action will work in Firefox 51, which will be released January 24, 2017. Another WoSign dissatisfaction on the part of Mozilla was to stubborn denial WoSign the acquisition StartCom.

The level of deception, which demonstrated the company’s representatives, led to the fact that Mozilla will not trust certificates that are associated with root certificates WoSign and StartCom. The company has announced aggressive expansion of certificates transparency program.

Posted in CA Tagged with: , , , , , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.