Eilat, Israel - 6th July 2016
StartCom has logged all issued SSL certificates to public CT log servers since March 23rd, 2016, but we found a bug in StartEncrypt: the system did not post SSL certificates requested through StartEncrypt to the CT log servers.
StartCom has updated the PKI system to guarantee that all issued SSL certificates MUST be posted to the CT log servers and have the SCT data embedded in the SSL certificate. If browsers or any other party find an SSL certificate that does not include SCT data, browsers can distrust that SSL certificate and report it to us as an incident, and the customer can ask for re-issuance.
StartCom is the first CA to fully log all kinds of SSL certificates, including DV SSL, IV SSL, OV SSL and EV SSL certificates, and we have now committed to this vision: "No SCT data, No trust".
Eilat, Israel - 23rd Mar. 2016.
StartCom, a leading global Certificate Authority (CA) and provider of trusted identity and authentication services, announces the logging of all SSL certificates it issues to the public Certificate Transparency (CT) log servers starting today. All issued SSL certificates will contain the special embedded SCT data necessary to verify the log submission. With this, StartCom demonstrates transparency which is not only beneficial to StartCom's worldwide subscribers, but also beneficial to all Internet security stakeholders, such as domain owners, certificate authorities, and browser manufacturers, who have a vested interest in maintaining the health and integrity of the StartCom SSL certificate system.
This implementation is stricter than Google Chrome's current requirements, which today apply only to Extended Validation (EV) SSL certificates; StartCom will log all issued SSL certificates to at least 3 public CT log servers and embed the SCT data into the certificates, demonstrating true transparency.
Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.
Certificate Transparency strengthens the chains of trust that extend from CAs all the way down to individual servers, making HTTPS connections more reliable and less vulnerable to interception or impersonation. But what’s more, as a general security measure, Certificate Transparency helps guard against broader Internet security attacks, making browsing safer for all users.