7:00 AM
El DiPablo
Well, last year around October Google announced that they were dropping support for StartCom and WoSign SSL certificates because they didn't maintain high enough standards. This was shortly after Apple and Mozilla did the same.
Via Google:
Certificate Authorities (CAs) play a key role in web security by issuing digital certificates to website operators. These certificates are trusted by browsers to authenticate secure connections to websites. CAs who issue certificates outside the policies required by browsers and industry bodies can put the security and privacy of every web user at risk.
Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome, in accordance with our Root Certificate Policy. This view is similar to the recent announcements by the root certificate programs of both Apple and Mozilla. The rest of this post provides background to that decision and how we plan to minimize disruption while still protecting users.Apparently this struck a major blow to StartCom, and after trying to fix the issues laid out by these browser providers, they apparently still fell short. Because of this, StartCom has issued the following statement via email:
Dear customer,
As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.
The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcom´s website.
StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years.
StartCom would like to thank you for your support during this difficult time.
StartCom is contacting some other CAs to provide you with the certificates needed. In case you don´t want us to provide you an alternative, please, contact us at certmaster@startcomca.com.
Please let us know if you need any further assistance with the transition process. We deeply apologize for any inconveniences that this may cause.This sucks to be sure, but truthfully, there are better providers out there. I mean you can get wildcard SSL certificates these days for as little as $38.00 per year (Click Here for that). Named certificates go for as little as $9.00 per year.
Best regards,
StartCom Certification Authority
Anyway, I'll be on the lookout for another free SSL provider. They are super handy when you want to stand something up fast and cheap! I've heard good things about Let's Encrypt, but I haven't used them yet.
If you have any recommendations, let us know in the comments!
