The two Chinese companies are already embroiled in controversy as technology firms deprecate their certificates, and Microsoft has now joined in with a decision of its own: to remove the certificates issued by WoSign and StartCom.
Redmond announced that it arrived at this decision after careful consideration, and decided to join Mozilla, Google, and Apple in not recognizing certificates from either company as valid. Windows 10 will no longer do so after September 2017.
Though the announcement post does not mention Windows 7 doing the same:
“Microsoft will begin the natural deprecation of WoSign and StartCom certificates by setting a ‘NotBefore’ date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017. Microsoft values the global Certificate Authority community and only makes these decisions after careful consideration as to what is best for the security of our users.”
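For administrators taking stock of their own certificates, the following added example (not code from Microsoft or from this article) applies the quoted NotBefore cut-off to the output of `openssl x509 -noout -issuer -dates`. The issuer match strings, the midnight-UTC inclusive cut-off and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Cut-off date from the announcement; midnight UTC is an assumption.
CUTOFF = datetime(2017, 9, 26, tzinfo=timezone.utc)
# Assumption: issuer names containing these strings belong to the two CAs.
AFFECTED = ("wosign", "startcom")

def parse_openssl(text):
    """Parse `openssl x509 -noout -issuer -dates` output into a dict."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    cert = {"issuer": fields["issuer"]}
    for key in ("notBefore", "notAfter"):
        stamp = " ".join(fields[key].split())  # collapse padded day numbers
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
        cert[key] = parsed.replace(tzinfo=timezone.utc)
    return cert

def classify(cert, now):
    """Status of one certificate under the NotBefore cut-off."""
    if not any(name in cert["issuer"].lower() for name in AFFECTED):
        return "unaffected"
    if cert["notBefore"] >= CUTOFF:
        return "distrusted"  # issued on or after the cut-off (assumed inclusive)
    if cert["notAfter"] < now:
        return "expired"
    return "trusted-until-expiry"

def audit(dumps, now):
    """(host, status, notAfter) for affected certs, earliest expiry first."""
    rows = []
    for host, text in dumps.items():
        cert = parse_openssl(text)
        status = classify(cert, now)
        if status != "unaffected":
            rows.append((host, status, cert["notAfter"]))
    return sorted(rows, key=lambda row: row[2])

# Constructed sample input, not real certificates.
SAMPLES = {
    "shop.example": "issuer=O = WoSign CA Limited, CN = Sample CA\nnotBefore=Mar  1 00:00:00 2016 GMT\nnotAfter=Mar  1 00:00:00 2019 GMT",
    "new.example": "issuer=O = StartCom Ltd., CN = Sample CA\nnotBefore=Nov  5 00:00:00 2017 GMT\nnotAfter=Nov  5 00:00:00 2020 GMT",
    "old.example": "issuer=O = StartCom Ltd., CN = Sample CA\nnotBefore=Jan 10 00:00:00 2014 GMT\nnotAfter=Jan 10 00:00:00 2017 GMT",
    "other.example": "issuer=O = Example Trust Services, CN = Sample CA\nnotBefore=Nov  5 00:00:00 2017 GMT\nnotAfter=Nov  5 00:00:00 2020 GMT",
}
for row in audit(SAMPLES, datetime(2018, 1, 1, tzinfo=timezone.utc)):
    print(row[0], row[1], row[2].date())
```

Certificates reported as `trusted-until-expiry` are the ones to schedule for replacement before their `notAfter` date.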
Microsoft took this step after the two Chinese certificate authorities failed to maintain security standards required by the company’s Trusted Root Program.
For years, at that.
It says that it observed unacceptable security practices, including back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) violations.
What this move to block the two certificate-issuing bodies means for Windows 10 users is that almost all major web browsers will now cease to recognize these certificates as valid.
Save for Opera, which continues to trust WoSign certificates.
And will probably keep on doing so, keeping in mind that it was purchased by a Chinese consortium for $600 million last year.