Moving from StartSSL to DigiCert

The DirTeam.com and ActiveDir.org Weblogs have relied on certificates from StartSSL ever since we introduced the option to visit our website using SSL and TLS.

One of the main reasons for choosing StartSSL was that their certificates are available for free. However, recent events have led to a distrust in the certificates issued by StartSSL.

What happened

On 30 September 2016, during the investigation into WoSign, Apple announced that its software would not accept certificates issued by one of the WoSign certificates after 19 September 2016, and said it would take further action on WoSign/StartCom trust anchors as the investigation progressed.

On 24 October 2016, Mozilla announced on its security blog that it would stop trusting certificates issued after 21 October 2016, starting with Firefox 51. During its investigation of numerous issues with WoSign, Mozilla had discovered that WoSign had purchased StartCom and that both had failed to disclose this transaction. On 1 November 2016, Google announced that it too would stop trusting certificates issued after 21 October 2016, starting with Chrome 56.

Certificates issued before this date may, like our certificate, continue to be trusted, but in subsequent Chrome releases these exceptions were reduced and ultimately removed. On 30 November 2016, Apple products blocked certificates from WoSign and StartCom root CAs if the "Not Before" date is on or after 1 Dec 2016. We have reason to believe that as of Version 58, Google Chrome will no longer trust any certificates issued by WoSign and StartCom.
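To see which clients reject a given certificate under the cutoffs above, the rules can be written down as a small audit check. This is an added example, not code from this weblog; it assumes certificate data in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`, matches the issuer by name as a heuristic, and reads "issued after 21 October 2016" as a "Not Before" of 22 October 00:00 UTC or later.

```python
import ssl
from datetime import datetime, timezone

# Assumption: issuer matched by name; browsers key on the CA certificates themselves.
AFFECTED_CA_NAMES = ("wosign", "startcom")

def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()

# (client, first rejected notBefore instant); None means rejected whatever the date.
# Assumption: "issued after 21 October 2016" is read as notBefore >= 22 Oct 00:00 UTC.
RULES = [
    ("Firefox 51", _utc(2016, 10, 22)),
    ("Chrome 56", _utc(2016, 10, 22)),
    ("Apple", _utc(2016, 12, 1)),
    ("Chrome 58 (expected in the post)", None),
]

def issuer_names(cert):
    """Organization and common names from a getpeercert()-style issuer tuple."""
    return [value for rdn in cert.get("issuer", ()) for key, value in rdn
            if key in ("organizationName", "commonName")]

def is_affected_issuer(cert):
    return any(ca in n.lower() for n in issuer_names(cert) for ca in AFFECTED_CA_NAMES)

def distrusting_clients(cert):
    """Clients from RULES that would reject this certificate."""
    if not is_affected_issuer(cert):
        return []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    return [client for client, cutoff in RULES
            if cutoff is None or not_before >= cutoff]

def sample(org, not_before):
    # Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
    return {"issuer": ((("countryName", "XX"),), (("organizationName", org),)),
            "notBefore": not_before}

SAMPLES = {
    "old StartCom cert": sample("StartCom Ltd.", "Mar  1 12:00:00 2016 GMT"),
    "November StartCom cert": sample("StartCom Ltd.", "Nov 15 08:30:00 2016 GMT"),
    "December WoSign cert": sample("WoSign CA Limited", "Dec  1 00:00:00 2016 GMT"),
    "DigiCert cert": sample("DigiCert Inc", "Jan 10 00:00:00 2017 GMT"),
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(f"{label}: {distrusting_clients(cert) or 'no listed client rejects it'}")
```

A certificate issued well before the cutoffs, like the first sample, only fails the last rule, which is why a site can appear fine in some browsers while the exception is being phased out.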

What we did

We were alerted to this unfortunate series of events ahead of time by Jetze Mellema.

Of course, we don't want the first thing you see when you're looking for information on Identity to be that the website can't be trusted. We dedicate a large amount of our time to giving you the best advice, how-tos and information we can, and we triple-check it before publishing it.

We took action and requested a new TLS certificate for the DirTeam.com / ActiveDir.org Weblogs at DigiCert. We chose them because they are a well-respected Certification Authority with acceptable rates and conditions.

If you experience any certificate trust issues, please contact us by leaving a comment below.

Author: Sander Berkouwer

Sander Berkouwer is the author of the Active Directory Administration Cookbook, speaker and blogger at DirTeam.com and ServerCore.net. He is awarded Microsoft MVP, Veeam Vanguard and VMware vExpert. Since 2009, Microsoft has awarded Sander with the Most Valuable Professional (MVP) award. Since 2016, Veeam has awarded Sander with the Veeam Vanguard award.
