Microsoft to remove certain Chinese certificates in Windows 10 due to unacceptable security practices

Home » Microsoft

Reading time icon 1 min. read

Calendar icon Published on

by Pradeep Viswav 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Microsoft today announced that they will remove WoSign and StartCom certificates in Windows 10. WoSign and StartCom are Chinese Certificate Authorities (CAs) issuing digital certificates. According to Microsoft, these CAs have failed to maintain the standards set by Microsoft. They have been following unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) violations.

As a result, Microsoft will deprecate WoSign and StartCom certificates by setting a “NotBefore” date of 26 September 2017. But the existing certificates will continue to function until they self-expire. After September 2017, Windows 10 will not trust any new certificates from these CAs.

Microsoft also mentioned that they take these decisions after careful consideration as to what is best for the security of millions of Windows users.

Pradeep Viswav

Pradeep Viswav Shield

Software and Services Expert

Pradeep is a Computer Science and Engineering Graduate. He was also a Microsoft Student Partner. He is currently working in a leading IT company.

User forum

0 messages