Bug ID: 369148
Summary: CA StartCom should not be trusted please use Let's
Component: product/component changes
Recently it is exposed that WoSign, a Chinese Certificate Authority (CA),
secretly purchased StartCom, the CA currently signing all certificates of
KDE.org. The related news and comments are linked here:
Both WoSign and StartCom have been reported on their loose verification and
issuing practices, often violating their own ToS and basic CA requirements.
They are not worth trusting. I have chosen to disable their root certificates
in all my browsers, and I advise everyone seeing this to do the same. It is for
the better to transition from it and to Let's Encrypt, an open, free and
automated CA. The documentation of Let's Encrypt is linked here:
I have no affiliation with WoSign, StartCom, or Let's Encrypt.
Steps to Reproduce:
1. Access the url provided
2. View the certificate of server
Issuer field of the certificate is:
CN = StartCom Class 2 Primary Intermediate Server CA
OU = Secure Digital Certificate Signing
O = StartCom Ltd.
C = IL
Issuer field of the certificate should be:
CN = Let's Encrypt Authority X3
O = Let's Encrypt
C = US
You are receiving this mail because:
You are watching all bug changes.