We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

ssl validity question

  • 3 replies
  • 2 have this problem
  • 3 views
  • Last reply by cor-el

more options

Wondering where the status of valid ssl's from StartCom stands and certs issued before October 2016? Will they still be valid via search engines in 2017? Thanks for the help....trying to figure out if I need to purchase a new SSL even though my ssl was purchased before the issue date with WoSign and its purchase of StartCom (where I have my current ssl cert)

Wondering where the status of valid ssl's from StartCom stands and certs issued before October 2016? Will they still be valid via search engines in 2017? Thanks for the help....trying to figure out if I need to purchase a new SSL even though my ssl was purchased before the issue date with WoSign and its purchase of StartCom (where I have my current ssl cert)

All Replies (3)

more options

There is some information here:

Bug 1309707 - Distrust new certs chaining up to current WoSign/StartCom roots
Bug 1311824 - WoSign Action Items
Bug 1311832 - StartCom Action Items

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

more options

I have been using:

StartCom Class 1 DV Server CA

for a few years, suddenly on FFox 51.0.1/64 i started getting:

SEC_ERROR_REVOKED_CERTIFICATE

It does work fine on FFox 45 ESR ( debian ) series...

I checked also a win10 system with the latest FFox build, same cert issue. Other browzerz, such as Chrome, are not reporting any issues.

I went to ssllabs.com to check the cert, and I got an "A".

I am not looking for workarounds, but for an explanation why Startcom is being rejected ( unless it is a bug ).

Thanks!

Mike


EDIT:

I would also like to mention, that the cert was issued on Dec 11 2016 and expires in 2019

Modified by paziu

more options

It has nothing to with with this specific certificate, but this is a problem with the CA that has issued the certificate. The CA has violated the policies that Mozilla enforces to built-in root certificates and Mozilla has taken the decision to distrust involved root certificates from this CA and thus all certificates that chain to this root certificate will give an untrusted error message. Unfortunately websites that have affected certificates will have to get a new certificate. It is likely that other browsers will follow.

  • bug 1309707 - Distrust new certs chaining up to current WoSign/StartCom roots

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html