Personal View site logo
Make sure to join PV on Telegram or Facebook! Perfect to keep up with community on your smartphone.
HTTPS / SSL now works on PV
  • All must work, except mixed content on topic with images.

    Images still are served over http, must be fixed soon.

  • 10 Replies sorted by
  • Also note that absolute recent Chrome 56 / Firefox 51 can show issue with certificate due to Google, Apple and few other companies attempt to push out Chinese companies (WoSign who also owns StartCom) out of very profitable certificates market by illegaly blocking their issues and also later root certificates.
    Main fight is for cheap and free certificates, where Google want Let's Encrypt to remain only option. Just note that Google requires to install their software with root rights if you want to use LE certificate, now it is harmless, but issues can be severe.

  • Youtube and Vimeo fixed.

  • News and outside forum links fixed. All links back to forum also will keep SSL.

    Images fix will be done soon.

    Certificate change later.

  • I've been following the Wosign/Startcom certificate issues for the last 6 months. Wosign has been disqualified due to their shitty operations, not due to some ulterior motives re Chinese business:

    • They issued certs of well known sites to unrelated individuals (This is what started the ball rolling: https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com - open in IE since Microsoft stilll allows Startcom certs)

    • They issued many SHA1 certs while SHA1 had been deprecated and issuance banning was in effect. They also cheated and back-dated the certs so people would think that the certs were issued before the ban.

    • They lied when asked by Mozilla Security Forum about SHA1 issuance.

    • They hid their taking over Startcom, and went to a great length not to divulge that fact- contrary to the basic CA policy requirements that they've signed. Startcom started using WoSign infrastructure in the background, with some illegal cert operations.

    If you care and willing to spend a good part of your day to follow the disqualification discussion, please head over to https://groups.google.com/forum/?hl=en#!topic/mozilla.dev.security.policy/k9PBmyLCi8I%5B1-25%5D (as well as other Wosign entries in that Security forum)

    A shorter summary is here https://wiki.mozilla.org/CA:WoSign_Issues

  • @Kob

    I know all this, yet

    Someone who in politics or economics believe on bare word is no more then full idiot.

    V. Lenin

    Just look who made all this scandal up, strangely it is media who are owned by same funds as Google and such. Look at the actual history of SHA-1 issuance, look at the history on why and how github and such certificates where issued.

    What exact right two corporation have to block paid products by third corporation? Actually none. Thing that you see is called corporate wars for market. And as any war it also is accompanies by proper rhetoric that we are fighting for good and they are evil.

  • Certificate updated to valid one.

    Only images mixed content left now.

  • Images must be fixed now.

    Note that external images can still be served via http.

  • Google continue their crusade. Aim is to destroy all main competitors on very sweet market (good money and almost zero expenses).

    https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/eUAKwjihhBs/rpxMXjZHCQAJ

  • Next move

    Symantec, GeoTrust, Thawte and RapidSSL will join the list of non trusted certificates.

    Google and Mozilla works in tandem pushing Google technology and making it the monopoly.

  • StartCom finnaly closing.

    The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcom´s website.

    StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years.

    Google and their peers are in dirty fight and we only saw first steps. I am sure majority won't like next ones.