This article is more than 1 year old
Shamed TLS/SSL cert authority StartCom to shut up shop
Chairman tells El Reg nobody will even notice its passing
Controversial certificate authority StartCom is going out of business.
Startcom board chairman Xiaosheng Tan told The Register the business will close its doors on January 1, 2018, at which point new certificates will no longer be issued.
CRL and OCSP service will continue for two years from then, when StartCom's three key root pairs will end.
First reply to StartCom announcing the end of its certification business is a founding engineer glad it's dead 😳https://t.co/ccXo6WHGYh
— SwiftOnSecurity (@SwiftOnSecurity) November 17, 2017
Startcom and Wosign certificates have been put on untrusted lists by the big browser firms including Mozilla, Apple, Google and Microsoft.
Tan said the closing of certificates "would not have a major impact" because "the major browsers" already don't trust StartCom certificates, and the two-year roll-out should "limit" any disturbance to certificate owners.
He was unable to provide an estimate of the number of websites that currently use StartCom certificates, but said they are global.
According to w3techs.com, about 0.1 per cent of all websites use StartCom as an SSL certificate authority.
The Register had, er, some difficulty accessing StartCom's website due to a certificate warning from some of the web browsers we tried. ®