StartCom

 This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (April 2010)
StartCom Ltd.
Type Private company
Industry Internet security, Public key infrastructure
Founded 1999
Headquarters Eilat, Israel
Key people President & CEO: Eddy Nigg
Website www.startcom.org

StartCom is a company based in Eilat, Israel that has three main activities: StartCom Linux Enterprise (Linux distribution), StartSSL (Certificate Authority) and MediaHost (Web hosting).

StartSSL

StartCom offers the free (for personal use) Class 1 X.509 SSL certificate "StartSSL Free", which works for webservers (SSL/TLS) as well as for E-mail encryption (S/MIME). It also offers Class 2 and 3 certificates as well as Extended Validation Certificates, where a comprehensive validation (with costs) is mandatory.

In June, 2011, the company suffered a network breach which resulted in StartCom suspending issuance of digital certificates and related services for several weeks.[1] The attacker was unable to use this to issue certificates (and StartCom was the only breached provider, of six, where the attacker was blocked from doing so). [2]

The "StartCom Certificate Policy & Practice Statements" document §3.1.2.1 is explicit that the Class 1 (free) certificates are for non-commercial uses only.[3] The previous version of the CPS did not include this restriction.[4]

Trustedness

In contrast to CAcert.org, which also offers free Class 1 SSL certificates, the StartSSL certificate is included by default in Mozilla Firefox 2.x and higher, in Apple Mac OS X since version 10.5 (Leopard), all Microsoft operating systems since 24 September 2009,[5][6] and Opera since 27 July 2010.[7] Since Google Chrome, Apple Safari and the Internet Explorer use the certificate store of the operating system, all major browsers include support for StartSSL certificates.

Limitations of StartSSL Free

While certificates are free for certain uses, there are limitations imposed unless an upgrade is purchased:

  • One-year validity.
  • One domain name per certificate.
  • One certificate per domain name.
  • No commercial use
↑Jump back a section

See also

↑Jump back a section

References

  1. ^ "Web authentication authority suffers security breach". The Register. June 26, 2011. Retrieved January 14, 2012. 
  2. ^ "How StartCom Foiled Comodohacker: 4 Lessons". InformationWeek. September 8, 2011. Retrieved December 20, 2012. 
  3. ^ "StartCom Certificate Policy & Practice Statements". 2.3. StartCom. October 31, 2012. 3.1.2.1. Retrieved December 20, 2012. 
  4. ^ "Policy & Practice Statements". 2.2. StartCom. June 13, 2010. Retrieved December 20, 2012. 
  5. ^ "Microsoft Adds Support for StartCom Certificates" (Press release). StartCom.org. September 24, 2009. Retrieved 2011-01-14. 
  6. ^ "Microsoft updates trusted root certs to include StartCom". Sophos.com Naked Security blog. September 27, 2009. 
  7. ^ "New Roots, new EV, and a new Public Suffix file". Opera.com Rootstore blog. 
↑Jump back a section

External links

↑Jump back a section

Read in another language

This page is available in 2 languages

Last modified on 21 March 2013, at 03:43