Microsoft to remove WoSign and StartCom certificates in Windows 10


Microsoft has concluded that the Chinese Certificate Authorities (CAs) WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) violations.

Thus, Microsoft will begin the natural deprecation of WoSign and StartCom certificates by setting a “NotBefore” date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017.

Microsoft values the global Certificate Authority community and only makes these decisions after careful consideration as to what is best for the security of our users.

 

 

 

 

Comments (3)

  1. lsc says:

    Does this affect only the Windows 10 v1709 that will be released or is it valid on all supported Windows 10 (Form v1507 LTSB to v1709), has the previously released version of Windows been affected?

  2. DEBORAH COOKS says:

    WHEN I TURNED ON MY PC I DIDNT HAVE TO SIGN IN AN A POP UP FROM FACEBOOK WAS SHOWING WITH MY PHONE NUMBER AN HAVE MY FACE IN THE PICTURE AN A EMAIL ADDRESS THAT I DONT RECONIZE AN I FEEL LIKE SOME ONE HAS INVADED MY PC WITH A SETTING WITH FACE BOOK AN I DONT HAVE A FACEBOOK ACCOUNT CAN IT BE REMOVED OR CHECKED TO FIND OUT WHO IS USEING MY PHONE NUMBER ACCESSING A FACEBOOK ACCOUNT AN THE PASSWORD I CANT RESET IT BECAUSE I DONT KNOE THE EMAIL ATTACHED TO IT

  3. nope says:

    Will this include code signing certificates?

Skip to main content