StartCom

from Wikipedia, the free encyclopedia
StartCom
legal form Corporation
Seat Eilat
management Revital Nigg, Eddy Nigg
Branch Information technology
Website www.startcom.org

StartCom was a company in Eilat, Israel that manufactured software and issued digital certificates as a certification authority .

Withdrawal of trust as a certification authority

At the beginning of 2016 there were irregularities in the award of certificates at WoSign, the parent company of StartCom. On the one hand, certificates were issued backdated in order to circumvent a restriction on SHA1 certificates. On the other hand, StartCom and the certification authority WoSign failed to reveal their affiliation.

In September 2016, Mozilla , the manufacturer of the Internet browser Firefox , announced consequences against the certification authority for violating the guidelines. As a result, Mozilla announced on October 24th, 2016 that it would withdraw trust from the certification authority with the upcoming Firefox Release 51 certificates that became valid after October 21st, 2016. Google announced the same step for Google Chrome from version 56, Apple no longer trusts certificates from StartCom, which were issued from December 1, 2016, either. As of Google Chrome 57, most StartSSL certificates are no longer recognized as trustworthy, even if they were issued before October 21, 2016.

On November 16, 2017, StartCom announced that it would no longer issue certificates from January 1, 2018.

On December 2, the company announced that it would permanently cease operations.

Products

StartCom Linux

Since August 2004 the company has been offering the Linux distribution StartCom Enterprise Linux , which is based on the source code of Red Hat Enterprise Linux Advanced .

StartSSL PKI

The company has been active as a certification body since February 2005.

The best-known product is the free Class 1 X.509 SSL certificate "StartSSL Free", which can be used both for web servers ( SSL / TLS ) and for e-mail encryption ( S / MIME ). In addition, Class 2 certificates and Extended Validation SSL certificates are issued, for which a chargeable validation is a prerequisite.

StartCom certificates were accepted by various browsers up to 2016: Mozilla Firefox supported them from version 2.0, Opera since July 2010, Apple Mac OS X from Mac OS X Leopard 10.5 and Microsoft Windows since September 2009; Apple Safari , Internet Explorer and Google Chrome use the operating system's certificate store.

For Class 2 certificates, StartCom requires a full copy of an identity card or passport and, according to its own registration conditions, saves it for "at least 7 years". The procedure contradicts the regulations of the German Telecommunications Act, which requires the immediate deletion of passport copies after verification (§95 (4) TKG). Furthermore, the restrictions on copying your ID card must be observed.

Individual evidence

  1. Certificates: Mozilla wants to withdraw trust from Startcom and Wosign - Golem.de . ( golem.de [accessed October 26, 2016]).
  2. distrusting New WoSign and Red Hat Certificates. In: Mozilla Security Blog. Retrieved October 26, 2016 .
  3. Certificate Schmu at WoSign and StartCom: Mozilla gets serious | heise security. In: m.heise.de. Retrieved October 26, 2016 .
  4. 1311832 - StartCom Action Items . Mozilla.org. October 20, 2016. Retrieved October 22, 2016.
  5. distrusting WoSign and Red Hat Certificates . Google. October 31, 2016. Retrieved November 14, 2016.
  6. Removal of the trustworthiness of WoSign CA Free SSL Certificate G2 . Apple. December 5, 2016. Retrieved December 11, 2016.
  7. Restrict the set of WoSign / StartCom certs to the Alexa Top 1M . Google. February 26, 2017. Retrieved March 16, 2017.
  8. ^ Termination of StartCom business . StartCom. November 16, 2017. Retrieved November 18, 2017.
  9. ^ Termination of the certificates business of Startcom . Google. November 17, 2017. Retrieved November 18, 2017.
  10. Linux goes blue and white - StartCom Linux . StartCom. August 2, 2004. Archived from the original on August 25, 2007. Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved January 6, 2011.  @1@ 2Template: Webachiv / IABot / linux.startcom.org
  11. StartCom Free SSL Certificate Project . StartCom. February 20, 2005. Archived from the original on August 25, 2007. Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. Retrieved January 6, 2011.  @1@ 2Template: Webachiv / IABot / linux.startcom.org
  12. Heise-Online: Mozilla trusts free StartCom certificates. June 3, 2006, accessed March 4, 2010 .
  13. ^ Opera Blog: New Roots, new EV, and a new Public Suffix file. Archived from the original on August 1, 2010 ; Retrieved December 10, 2010 .
  14. Heise Security: Internet Explorer supports free certificates. September 26, 2009, accessed March 4, 2010 .