[openssl-users] Use of openssl

Jakob Bohm jb-openssl at wisemo.com
Wed Oct 26 02:15:22 UTC 2016

On 26/10/2016 00:54, Salz, Rich wrote:
>> StartCom has directions on their website. I don't recall what the process is,
>> but I've used it in the past. You might want to review the instructions
>> StartCom provides.
> StartCom, owned by WoSign, has issues with firefox.
More precisely:

Due to certificate mismanagement and lying by the (soon to be
replaced) CEO of WoSign and StartCom, both Mozilla (Firefox,
Thunderbird etc.) and Apple have decided to distrust WoSign
and StartCom, with some temporary exceptions for old
certificates.  There many threads on
news://news.mozilla.org/mozilla.dev.security.policyabout this,
going at least back to a post on 2016-06-30 .

They are basically dead for now.

>> Let's Encrypt is new and has become very popular. I don't know the process
>> because I have never used them. They will likely suffer more "unable to get
>> local issuer certificate" problems than StartCom, especially on older mobile
>> devices.
> Should not be an issue, since LE has a cross-signed CA cert with someone that is in the trust stores.
More problematic is the need to run automated tools to get fresh LE
certificates every 2 to 3 months.  This is easy for some situations,
not easy for others.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list