Notice to WoSign customers:

This announcement is for WoSign old roots:

1) CN=CA 沃通根证书, O=WoSign CA Limited, C=CN
2) CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN
3) CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN
4) CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN

This distrust action is no any relationship with the current trusted Managed 
Sub CA issued certificates, this distrust action doesn't affect all SSL 
certificates issued by the Managed Sub CA after Nov 21, 2016. WoSign have 
stopped to sell SSL certificate to customers from the above old roots that 
Microsoft plan to distrust since Oct 20, 2016.



Best Regards,

WoSign CA Limited

-----Original Message-----
From: dev-security-policy 
[] On 
Behalf Of Percy via dev-security-policy
Sent: Wednesday, August 9, 2017 2:03 PM
Subject: Microsoft to remove WoSign and StartCom certificates in Windows 10

Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign 
and StartCom have failed to maintain the standards required by our Trusted Root 
Program. Observed unacceptable security practices include back-dating SHA-1 
certificates, mis-issuances of certificates, accidental certificate revocation, 
duplicate certificate serial numbers, and multiple CAB Forum Baseline 
Requirements (BR) violations.

Thus, Microsoft will begin the natural deprecation of WoSign and StartCom 
certificates by setting a “NotBefore” date of 26 September 2017. This means all 
existing certificates will continue to function until they self-expire. Windows 
10 will not trust any new certificates from these CAs after September 2017.

Microsoft values the global Certificate Authority community and only makes 
these decisions after careful consideration as to what is best for the security 
of our users.
dev-security-policy mailing list
dev-security-policy mailing list

Reply via email to