Notice to WoSign customers:
This announcement is for WoSign old roots:
1) CN=CA 沃通根证书, O=WoSign CA Limited, C=CN
2) CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN
3) CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN
4) CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN
This distrust action is no any relationship with the current trusted Managed
Sub CA issued certificates, this distrust action doesn't affect all SSL
certificates issued by the Managed Sub CA after Nov 21, 2016. WoSign have
stopped to sell SSL certificate to customers from the above old roots that
Microsoft plan to distrust since Oct 20, 2016.
敬告沃通用户:
微软宣布的是9月26日后不信任WoSign老根证书签发的证书,并不是指目前WoSign销售的SSL证书。目前销售的SSL证书都是从其他信任CA根证书签发的证书,不受任何影响。
Best Regards,
WoSign CA Limited
-Original Message-
From: dev-security-policy
[mailto:dev-security-policy-bounces+richard=wosign@lists.mozilla.org] On
Behalf Of Percy via dev-security-policy
Sent: Wednesday, August 9, 2017 2:03 PM
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Microsoft to remove WoSign and StartCom certificates in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign
and StartCom have failed to maintain the standards required by our Trusted Root
Program. Observed unacceptable security practices include back-dating SHA-1
certificates, mis-issuances of certificates, accidental certificate revocation,
duplicate certificate serial numbers, and multiple CAB Forum Baseline
Requirements (BR) violations.
Thus, Microsoft will begin the natural deprecation of WoSign and StartCom
certificates by setting a “NotBefore” date of 26 September 2017. This means all
existing certificates will continue to function until they self-expire. Windows
10 will not trust any new certificates from these CAs after September 2017.
Microsoft values the global Certificate Authority community and only makes
these decisions after careful consideration as to what is best for the security
of our users.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy