StartCom SSL couldn’t overcome being distrusted by the browsers last year
StartCom SSL has announced that it will no longer issue new digital certificates as of January 1, 2018, effectively closing the company, though CRL and OCSP services will continue for another two years until StartCom’s three roots expire in 2020.
This marks the end of an odd, perhaps even cautionary tale of how a once-trusted CA went kaput within about a year of the browsers distrusting it. Seriously, this would actually make for some pretty compelling drama because what happened to StartCom feels straight out of the pages of a novel.
How Did StartCom SSL Get Here?
StartCom SSL started off humbly enough in Israel as a small regional CA specializing in the StartSSL certificate, which was initially trusted around 2009/2010. That’s where the touchy-feely stuff ends though, as Mozilla revealed in 2016 that the CA had been quietly acquired by the Chinese Certification Authority WoSign Limited through a chain of holding companies.
This is where the mistakes started getting made. Not so much by the StartCom founders (though it sounds like they may share some blame, too), but by WoSign and its now deposed CEO, Richard Wang (if you’re feeling particularly juvenile, I’ll let you have a moment to enjoy that name).
If you’ve been a reader of the blog for a while, you’ll remember we covered WoSign’s many mistakes in depth last year. But, if you need a refresher, it goes something like this:
WoSign was caught backdating SSL certificates so that it could keep signing them with the SHA-1 hashing algorithm without the browsers detecting it. This is a big no-no, mostly because it’s patently unsafe, but also because the browsers really don’t like it when you try to trick them.
SHA-1, short for Secure Hash Algorithm 1, is a cryptographic hash function originally designed by the NSA. It has since been deprecated for certificate signatures: the CA/Browser Forum Baseline Requirements prohibited CAs from issuing SHA-1-signed certificates after January 1, 2016, the browsers began treating SHA-1 certificates issued after that date as errors, and in February 2017 researchers published a practical collision for SHA-1. Industry standards now require that all SSL certificates be signed using SHA-2 (in practice SHA-256), its successor.
WoSign knew it was no longer allowed to issue SHA-1 SSL certificates, and it knew that any SHA-1 certificate issued after the January 1, 2016 deadline would not be publicly trusted by the web browsers. So WoSign got sneaky and backdated a batch of them, setting the notBefore date to before the deadline so that the browsers’ date check would let them through unnoticed.
Unfortunately, Mozilla figured it out.
So, How does StartCom SSL Fit In?
Well, during the investigation into WoSign’s mis-issuances, Mozilla was able to establish that WoSign had acquired StartCom, both from publicly available business records and by examining the back-end systems the two companies shared.
This is where things started breaking down for StartCom.
First of all, WoSign and StartCom, though not in violation of any laws, seemed to have little interest in transparency. Despite evidence to the contrary, WoSign’s CEO, Mr. Wang, continued to say no acquisition had occurred, even though Mozilla’s root store policy requires a CA to disclose a change of ownership, and the two CAs continued to vote in the CA/B Forum, the industry’s standards body, as separate entities despite effectively being a single company.
Then it also became clear that StartCom was using some of WoSign’s validation and issuance systems, and two of the mis-issued certificates were in fact issued from StartCom’s PKI.
All appearances indicate that StartCom was being led by Wang and WoSign, which made it complicit.
Browser Mistrust is a Death Knell
StartCom and WoSign were distrusted by the major browsers beginning in the fall of 2016. Mozilla Firefox, Google Chrome and Apple Safari acted first, initially refusing certificates issued after a cutoff date (October 21, 2016 for Firefox and Chrome) and removing the remaining trust over the following year; Microsoft IE/Edge followed in 2017.
When a CA is distrusted it means that the browsers stop accepting chains that end at that CA’s root certificates: sometimes by refusing certificates issued after a cutoff date first, and ultimately by deleting the roots from their trust stores. Without going into the woods too deeply, a huge part of PKI is having publicly trusted roots. Every browser has a list of pre-trusted root certificates, either shipped with the browser (as Firefox does) or inherited from the operating system. When the browser connects to a website over SSL/TLS, it tries to chain the site’s certificate, through any intermediates the server sends, back to one of the roots in that trust store.
That means every CA either needs to have its own trusted root, or needs to have an intermediate that chains back to someone else’s.
When StartCom’s roots were removed from those trust stores, every StartCom SSL certificate that was supposed to chain back to one of them stopped being trusted as well.
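As an added example that is not part of the original post and not StartCom’s or any browser’s own code, here is a minimal chain verifier in Python (using the `cryptography` library) that does what the paragraphs above describe: it walks a site certificate back through its intermediates to a root in a trust store and rejects anything that cannot reach one. It also models the two ways the browsers acted in this story, the SHA-1 notBefore rule that backdating was meant to evade, and the date-based partial distrust applied to WoSign/StartCom before the roots were removed outright. The root and intermediate names, the keys and the issuance dates are all constructed for the demo; the two policy dates are hypothetical constants modelled on the ones discussed in the post.

```python
import datetime as dt

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Hypothetical policy dates, modelled on the real ones discussed in the post:
# CAs could not issue SHA-1 certificates from 2016-01-01, and the WoSign/StartCom
# distrust first hit certificates issued after 2016-10-21.
SHA1_ISSUANCE_DEADLINE = dt.datetime(2016, 1, 1)
STARTCOM_DISTRUST_CUTOFF = dt.datetime(2016, 10, 21)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_cert(subject_cn, issuer, issuer_key, not_before, days, is_ca):
    """Issue a certificate for a fresh P-256 key. issuer=None means a self-signed root."""
    key = ec.generate_private_key(ec.SECP256R1())
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(issuer.subject if issuer is not None else _name(subject_cn))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(not_before)
        .not_valid_after(not_before + dt.timedelta(days=days))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key if issuer_key is not None else key, hashes.SHA256()), key


def _validity(cert):
    # cryptography >= 42 adds tz-aware *_utc properties; older releases only have naive ones.
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after
    return nb.replace(tzinfo=None), na.replace(tzinfo=None)


def _signed_by(cert, issuer):
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False


def verify_chain(leaf, intermediates, trust_store, now, max_depth=5):
    """Chain leaf -> issuer -> ... until a root found in trust_store.

    trust_store maps a root's subject Name to (root_cert, distrust_after).
    distrust_after=None means fully trusted; a datetime means "reject leaves whose
    notBefore is later than this", the partial distrust the browsers applied to
    WoSign/StartCom before deleting the roots altogether. Returns (ok, reason).
    """
    by_subject = {c.subject: c for c in intermediates}
    cert = leaf
    for _ in range(max_depth):
        not_before, not_after = _validity(cert)
        if not (not_before <= now <= not_after):
            return False, f"{cert.subject.rfc4514_string()} is not valid at {now:%Y-%m-%d}"
        # The SHA-1 rule the browsers enforced reads notBefore from the certificate
        # itself, which is exactly why a backdated notBefore slips past it.
        if (isinstance(cert.signature_hash_algorithm, hashes.SHA1)
                and not_before >= SHA1_ISSUANCE_DEADLINE):
            return False, "SHA-1 signature on a certificate issued after the SHA-1 deadline"
        if cert.issuer in trust_store:
            root, distrust_after = trust_store[cert.issuer]
            if not _signed_by(cert, root):
                return False, "signature does not verify against the trusted root"
            leaf_not_before, _ = _validity(leaf)
            if distrust_after is not None and leaf_not_before > distrust_after:
                return False, f"root distrusted for certificates issued after {distrust_after:%Y-%m-%d}"
            return True, "chains to trusted root " + root.subject.rfc4514_string()
        issuer = by_subject.get(cert.issuer)
        if issuer is None:
            return False, "no trusted root for issuer " + cert.issuer.rfc4514_string()
        if not _signed_by(cert, issuer):
            return False, "signature does not verify against " + issuer.subject.rfc4514_string()
        if not issuer.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
            return False, issuer.subject.rfc4514_string() + " is not a CA"
        cert = issuer
    return False, "chain too long"


def demo():
    """Constructed chain: hypothetical StartCom root -> intermediate -> two site certificates."""
    root, root_key = make_cert("Hypothetical StartCom Root", None, None, dt.datetime(2006, 1, 1), 15 * 365, True)
    ca, ca_key = make_cert("Hypothetical StartCom Class 1 CA", root, root_key, dt.datetime(2015, 1, 1), 5 * 365, True)
    old_leaf, _ = make_cert("old.example", ca, ca_key, dt.datetime(2016, 6, 1), 365, False)
    new_leaf, _ = make_cert("new.example", ca, ca_key, dt.datetime(2016, 12, 1), 365, False)
    now = dt.datetime(2017, 1, 15)
    stores = {
        "trusted": {root.subject: (root, None)},                     # before the browsers acted
        "cutoff": {root.subject: (root, STARTCOM_DISTRUST_CUTOFF)},  # fall 2016: partial distrust
        "removed": {},                                               # root deleted from the store
    }
    return {f"{store}/{leaf_name}": verify_chain(leaf, [ca], trust_store, now)
            for store, trust_store in stores.items()
            for leaf_name, leaf in (("old", old_leaf), ("new", new_leaf))}


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12s} {'OK  ' if ok else 'FAIL'} {reason}")
```

Running it shows the three stages the post describes: with the root fully trusted both site certificates verify; with the October 2016 cutoff applied, the certificate issued in June 2016 still verifies while the one issued in December 2016 is rejected; and once the root is gone from the store, both fail because the chain has nowhere trusted to end.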
So effectively, StartCom has already been dead for about a year since it can’t issue publicly trusted certificates anymore.
Via a company statement:
“Despite the efforts made during this time by StartCom, up to now, there has not been any clear indication from the browsers that StartCom would be able to regain the trust. Therefore, the owners of StartCom have decided to terminate StartCom as a Certification Authority.”
This decision will not have much of an impact on the greater web. By this point, most of StartCom’s SSL customers have migrated to another certificate authority. According to w3techs.com, StartCom has just 0.1% market share.
What we Hashed Out (for Skimmers)
Here’s what we covered in today’s discussion:
- StartCom SSL is officially closing as of January 1, 2018
- CRL and OCSP services will run through 2020 to minimize disruption
- StartCom was distrusted as part of WoSign’s mis-issuance problems in 2016