Microsoft dumps notorious Chinese secure certificate vendor

Microsoft dumps notorious Chinese secure certificate vendor

By | August 9th, 2017
No Comments on Microsoft dumps notorious Chinese secure certificate vendor

Microsoft has joined Apple, Google, and Mozilla in disabling security

certificates from Chinese company WoSign and its StartCom subsidiary.


WoSign and StartCom lost their reputation for reliability over a year ago. According to SSL Labs, by October 2016, “browser vendors have lost trust in WoSign’s ‘technical and management capabilities.’ In addition, WoSign has been accused of dishonesty and continued and persistent deception.” Unfortunately, both CAs had large installed user bases, largely because both had offered free certificates.

Mozilla was the first web browser company to announce that it would “no longer trust newly-issued certificates issued by either of these two CA brands.” Google followed Mozilla in no longer trusting the CA vendors’ certificates in July 2017. Chrome security engineer Devon O’Brien said Google was doing this because of “several incidents” involving the certificate authority which have “not [been] in keeping with the high standards expected of CAs.” Apple has also dropped support for WoSign certificates.

Now, Microsoft has joined them in abandoning trust in their certificates. A Microsoft representative wrote: “Microsoft has concluded that the Chinese CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program.


Nisheeth Bhakuni

  • IBM, TCS, HCL, LTI & More Top IT Companies are Hiring
    Sign Up, Search & Apply for Latest Job Vacancies with Monster to Get Placed in Top IT Companies. Get The Right Job for Your Career, Log onto
    Click to know more