There is some information here:

• https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

Bug 1309707 - Distrust new certs chaining up to current WoSign/StartCom roots
Bug 1311824 - WoSign Action Items
Bug 1311832 - StartCom Action Items

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

I have been using:

StartCom Class 1 DV Server CA

for a few years, suddenly on FFox 51.0.1/64 i started getting:

SEC_ERROR_REVOKED_CERTIFICATE

It does work fine on FFox 45 ESR ( debian ) series...

I checked also a win10 system with the latest FFox build, same cert issue. Other browzerz, such as Chrome, are not reporting any issues.

I went to ssllabs.com to check the cert, and I got an "A".

I am not looking for workarounds, but for an explanation why Startcom is being rejected ( unless it is a bug ).

Thanks!

Mike

EDIT:

I would also like to mention, that the cert was issued on Dec 11 2016 and expires in 2019

It has nothing to with with this specific certificate, but this is a problem with the CA that has issued the certificate. The CA has violated the policies that Mozilla enforces to built-in root certificates and Mozilla has taken the decision to distrust involved root certificates from this CA and thus all certificates that chain to this root certificate will give an untrusted error message. Unfortunately websites that have affected certificates will have to get a new certificate. It is likely that other browsers will follow.

• bug 1309707 - Distrust new certs chaining up to current WoSign/StartCom roots

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html