I swear, I feel like I just wrote about this. It seems StartCom, which is now operated by WoTrus, has finally shut its doors as a certificate authority — or has it?
As I’ve said before, StartCom announced that it would stop issuing SSL certificates after January 1st. However, a month later, StartSSL was still operational, and existing users could sign into their accounts to find all of their data.
In my mind, the project had been abandoned, and they were keeping it running so that users could migrate away from the platform. But, to my surprise, WoTrus decided it wanted to take advantage of the domains linked to StartSSL and transform the site into a reseller platform. Now, that doesn’t mean you can go sign up to create your own branded Intermediate Authority (which would be great), but rather that WoTrus has been once again trusted by major browsers.
How, you ask, did they accomplish this, after so many companies publicly expressed their distrust? Well, WoTrus went behind our backs and signed deals with DigiCert and Certum, two trusted certificate authorities. This means that although they no longer operate as root certificate authorities, their certificates are automatically trusted by all major browsers (this is almost entirely thanks to DigiCert).
So, what exactly does this mean? It means that WoTrus (er, WoSign, or, er, StartCom), is back in the game — for now.