Although no Wo Sign root is in the list of Apple trusted roots, this intermediate CA used cross-signed certificate relationships with Start Com and Comodo to establish trust on Apple products.
In light of these findings, we took action to protect users in a security update.
Due to various auditing failures and other security issues, the CAcert root certificate set is slowly disappearing from the Ubuntu and Debian ‘ca-certificates’ package.
Fine for security and ensuring your website works with the wider browser world.
For further details on cookies, please see our cookies policy.
Certificate Authority Wo Sign experienced multiple control failures in their certificate issuance processes for the Wo Sign CA Free SSL Certificate G2 intermediate CA.
Firstly let me explain the small lab environment I will use.
They will continue to be trusted until they expire, are revoked, or are untrusted at Apple’s discretion.
As the investigation progresses, we will take further action on Wo Sign/Start Com trust anchors in Apple products as needed to protect users.
Not so good if you’re developing an SSL site on a development domain - for which CAcert certificates are precisely what the doctor ordered.
So how do you add the root certificates back into your development machine in the correct manner (and in particular avoiding the cardinal sin of shipping an entirely parallel set of root certificates with your application!