Bug ID: 369148
           Summary: CA StartCom should not be trusted please use Let's
           Version: unspecified
          Platform: Other
                OS: other
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: product/component changes

Recently it is exposed that WoSign, a Chinese Certificate Authority (CA),
secretly purchased StartCom, the CA currently signing all certificates of The related news and comments are linked here:

Both WoSign and StartCom have been reported on their loose verification and
issuing practices, often violating their own ToS and basic CA requirements.
They are not worth trusting. I have chosen to disable their root certificates
in all my browsers, and I advise everyone seeing this to do the same. It is for
the better to transition from it and to Let's Encrypt, an open, free and
automated CA. The documentation of Let's Encrypt is linked here:

I have no affiliation with WoSign, StartCom, or Let's Encrypt.

Reproducible: Always

Steps to Reproduce:
1. Access the url provided
2. View the certificate of server

Actual Results:  
Issuer field of the certificate is:

CN = StartCom Class 2 Primary Intermediate Server CA
OU = Secure Digital Certificate Signing
O = StartCom Ltd.
C = IL

Expected Results:  
Issuer field of the certificate should be:

CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US

You are receiving this mail because:
You are watching all bug changes.

Reply via email to