ssl validity question
Wondering where the status of valid ssl's from StartCom stands and certs issued before October 2016? Will they still be valid via search engines in 2017? Thanks for the help....trying to figure out if I need to purchase a new SSL even though my ssl was purchased before the issue date with WoSign and its purchase of StartCom (where I have my current ssl cert)
All Replies (3)
There is some information here:
Bug 1309707 - Distrust new certs chaining up to current WoSign/StartCom roots Bug 1311824 - WoSign Action Items Bug 1311832 - StartCom Action Items
Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
I have been using:
StartCom Class 1 DV Server CA
for a few years, suddenly on FFox 51.0.1/64 i started getting:
SEC_ERROR_REVOKED_CERTIFICATE
It does work fine on FFox 45 ESR ( debian ) series...
I checked also a win10 system with the latest FFox build, same cert issue. Other browzerz, such as Chrome, are not reporting any issues.
I went to ssllabs.com to check the cert, and I got an "A".
I am not looking for workarounds, but for an explanation why Startcom is being rejected ( unless it is a bug ).
Thanks!
Mike
EDIT:
I would also like to mention, that the cert was issued on Dec 11 2016 and expires in 2019
Modified
It has nothing to with with this specific certificate, but this is a problem with the CA that has issued the certificate. The CA has violated the policies that Mozilla enforces to built-in root certificates and Mozilla has taken the decision to distrust involved root certificates from this CA and thus all certificates that chain to this root certificate will give an untrusted error message. Unfortunately websites that have affected certificates will have to get a new certificate. It is likely that other browsers will follow.
- bug 1309707 - Distrust new certs chaining up to current WoSign/StartCom roots
Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html