Controversial certificate authority StartCom is going out of business.
Startcom board chairman Xiaosheng Tan told The Register the business will close its doors on January 1, 2018, at which point new certificates will no longer be issued.
CRL and OCSP service will continue for two years from then, when StartCom's three key root pairs will end.
First reply to StartCom announcing the end of its certification business is a founding engineer glad it's dead 😳https://t.co/ccXo6WHGYh— SwiftOnSecurity (@SwiftOnSecurity) November 17, 2017
Tan said the closing of certificates "would not have a major impact" because "the major browsers" already don't trust StartCom certificates, and the two-year roll-out should "limit" any disturbance to certificate owners.
He was unable to provide an estimate of the number of websites that currently use StartCom certificates, but said they are global.
According to w3techs.com, about 0.1 per cent of all websites use StartCom as an SSL certificate authority.
The Register had, er, some difficulty accessing StartCom's website due to a certificate warning from some of the web browsers we tried. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks