Windows 10 no longer trusts new WoSign certificates from October
Microsoft has announced that it will no longer trust all new WoSign and StartCom certificates, which will be issued from October, in Windows 10. All existing certificates will be trusted until they expire on their own.
Microsoft writes that it made the decision because the certificate authorities do not meet the standards of its Trusted Root program. The Redmond-based company is also charging authorities for other missteps, such as incorrectly issuing certificates, using duplicate serial numbers and adjusting the date of issue so that it appears to be further in the past. The company wants to achieve the expiry of the certificates by using a ‘not before’ date of September 26.
Mozilla announced last year that it had lost confidence in the Chinese certificate authorities after an investigation. Mozilla itself compiled an extensive list of the problems surrounding WoSign and StartCom. Apple also withdrew its confidence in the certificates at the time. In November, Google followed suit with a similar decision, where the company took a phased approach.
Google started phasing out trust in Chrome 56 and announced at the end of July that with version 61 of the browser, the trust will disappear completely. That means that around September, when the release takes place, all StartCom and WoSign certificates will no longer be trusted by Chrome. Google therefore recommended that sites that still use the certificates take quick action to prevent problems.