Microsoft to remove certain Chinese certificates in Windows 10 due to unacceptable security practices


Microsoft today announced that it will remove WoSign and StartCom certificates in Windows 10. WoSign and StartCom are Chinese Certificate Authorities (CAs) that issue digital certificates. According to Microsoft, these CAs have failed to maintain the standards set by Microsoft. Their unacceptable security practices include back-dating SHA-1 certificates, mis-issuance of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) violations.

As a result, Microsoft will deprecate WoSign and StartCom certificates by setting a “NotBefore” date of 26 September 2017. Existing certificates will continue to function until they expire on their own. After September 2017, Windows 10 will not trust any new certificates from these CAs.

Microsoft also said that it makes these decisions after careful consideration of what is best for the security of millions of Windows users.
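For administrators taking stock of their own certificates, the NotBefore cutoff described above can be applied to the output of `openssl x509 -noout -issuer -dates`. This is an added example, not Microsoft's code: the issuer substring match, the 00:00 UTC inclusive reading of the cutoff, the status names and the sample inventory are all assumptions made for illustration.

```python
from datetime import datetime, timezone

# Cutoff from the article; reading it as 00:00 UTC, inclusive, is an assumption.
CUTOFF = datetime(2017, 9, 26, tzinfo=timezone.utc)
# Heuristic: substring match on the issuer DN (Windows evaluates the chain to the root).
AFFECTED = ("wosign", "startcom")

def parse_openssl(text):
    """Parse the output of `openssl x509 -noout -issuer -dates`."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()

    def when(name):  # e.g. "Sep  6 00:00:00 2017 GMT"
        parsed = datetime.strptime(fields[name], "%b %d %H:%M:%S %Y GMT")
        return parsed.replace(tzinfo=timezone.utc)

    return {"issuer": fields["issuer"],
            "not_before": when("notBefore"),
            "not_after": when("notAfter")}

def classify(cert, now):
    """Return how the deprecation described above affects one certificate."""
    if not any(name in cert["issuer"].lower() for name in AFFECTED):
        return "unaffected"
    if cert["not_before"] >= CUTOFF:
        return "distrusted"            # issued on or after the cutoff
    if cert["not_after"] < now:
        return "expired"
    return "replace-before-expiry"     # still works until NotAfter

# Constructed sample inventory (not real certificates).
SAMPLES = {
    "old.example": "issuer=O = StartCom Sample, CN = Constructed CA\n"
                   "notBefore=Mar  1 00:00:00 2017 GMT\nnotAfter=Mar  1 00:00:00 2020 GMT",
    "new.example": "issuer=O = WoSign Sample, CN = Constructed CA\n"
                   "notBefore=Oct  2 12:00:00 2017 GMT\nnotAfter=Oct  2 12:00:00 2019 GMT",
    "other.example": "issuer=O = Other Sample CA, CN = Constructed CA\n"
                     "notBefore=Oct  2 12:00:00 2017 GMT\nnotAfter=Oct  2 12:00:00 2019 GMT",
}

def audit(samples, now):
    """Map each host in the inventory to its classification at time `now`."""
    return {host: classify(parse_openssl(text), now) for host, text in samples.items()}

if __name__ == "__main__":
    for host, status in audit(SAMPLES, datetime(2018, 1, 15, tzinfo=timezone.utc)).items():
        print(f"{host}: {status}")
```

Because the check relies on the NotBefore field, it inherits the weakness the article lists first: a back-dated certificate would carry an earlier date than its real issuance.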
