Mass Trustico/RapidSSL revocation


#1

Not totally on-topic but I thought people might like to know, since RapidSSL is used by practically everybody.

Based on this 20k certificates are being revoked.

Latest news is Trustico have stopped using DigiCert for legal reasons, Trustico new wholesale provider is Comodo (as of a few minutes ago)


#2

Sad & angry sysadmins everywhere


#3

What an enormous cluster. Trustico asks Digicert to mass-revoke 50k certs, Digicert asks for proof of compromise, so Trustico emails 23k private keys (which they never should have had in the first place, but now are most certainly compromised). But yeah, trust the commercial CAs (and their resellers).


#4

The sh*tshow just gets worse:
https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/wxX4Yv0E3Mk


If there’s a lesson to be learned here (other than that a commercial CA doesn’t offer any better security than a free CA like Let’s Encrypt), it would seem to be this: the fewer parties that are involved in your cert issuance, the better.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.