Network Security

Google removes trust for certs issued by WoSign and StartCom

Google will no longer trust digital certificates that were issued by certificate authorities WoSign and StartCom after October 21. The decision affects Chrome version 56, according to a Google Security blog post.

Google Chrome is “unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance,” Chrome security team member Andrew Whalley wrote in the blog post.

Chrome is the third browser platform to remove trust for the two certificate authorities. Last week, Mozilla announced trust would be removed for WoSign and StartCom in Firefox 51. An investigation launched by Mozilla uncovered several problems in WoSign's SSL certificate issuance process.

WoSign, the Chinese certificate authority, was “backdating SSL certificates in order to get around” a deadline for certificate authorities to stop issuing SHA-1 SSL certificates, program manager Kathleen Wilson wrote on the Mozilla security blog.

Apple removed trust for WoSign and StartCom's root certificates in iOS and macOS on Sunday.
