StartCom

StartCom Ltd.
Type	Private company
Industry	Internet security, Public key infrastructure
Founded	1999
Headquarters	Eilat, Israel
Key people	President & CEO: Eddy Nigg
Website	www.startcom.org

StartCom is a company based in Eilat, Israel that has three main activities: StartCom Linux Enterprise (Linux distribution), StartSSL (Certificate Authority) and MediaHost (Web hosting).

StartSSL [edit]

StartCom offers the free (for personal use) Class 1 X.509 SSL certificate "StartSSL Free", which works for webservers (SSL/TLS) as well as for E-mail encryption (S/MIME). It also offers Class 2 and 3 certificates as well as Extended Validation Certificates, where a comprehensive validation (with costs) is mandatory.

In June, 2011, the company suffered a network breach which resulted in StartCom suspending issuance of digital certificates and related services for several weeks.^[1] The attacker was unable to use this to issue certificates (and StartCom was the only breached provider, of six, where the attacker was blocked from doing so). ^[2]

The "StartCom Certificate Policy & Practice Statements" document §3.1.2.1 is explicit that the Class 1 (free) certificates are for non-commercial uses only.^[3] The previous version of the CPS did not include this restriction.^[4]

Trustedness [edit]

In contrast to CAcert.org, which also offers free Class 1 SSL certificates, the StartSSL certificate is included by default in Mozilla Firefox 2.x and higher, in Apple Mac OS X since version 10.5 (Leopard), all Microsoft operating systems since 24 September 2009,^[5]^[6] and Opera since 27 July 2010.^[7] Since Google Chrome, Apple Safari and the Internet Explorer use the certificate store of the operating system, all major browsers include support for StartSSL certificates.

Limitations of StartSSL Free [edit]

While certificates are free for certain uses, there are limitations imposed unless an upgrade is purchased:

One-year validity.
One domain name per certificate.
One certificate per domain name.
No commercial use

References [edit]

^ "Web authentication authority suffers security breach". The Register. June 26, 2011. Retrieved January 14, 2012.
^ "How StartCom Foiled Comodohacker: 4 Lessons". InformationWeek. September 8, 2011. Retrieved December 20, 2012.
^ "StartCom Certificate Policy & Practice Statements". 2.3. StartCom. October 31, 2012. 3.1.2.1. Retrieved December 20, 2012.
^ "Policy & Practice Statements". 2.2. StartCom. June 13, 2010. Retrieved December 20, 2012.
^ "Microsoft Adds Support for StartCom Certificates" (Press release). StartCom.org. September 24, 2009. Retrieved 2011-01-14.
^ "Microsoft updates trusted root certs to include StartCom". Sophos.com Naked Security blog. September 27, 2009.
^ "New Roots, new EV, and a new Public Suffix file". Opera.com Rootstore blog.

External links [edit]

[1] "Web authentication authority suffers security breach". The Register. June 26, 2011. Retrieved January 14, 2012.

[2] "How StartCom Foiled Comodohacker: 4 Lessons". InformationWeek. September 8, 2011. Retrieved December 20, 2012.

[3] "StartCom Certificate Policy & Practice Statements". 2.3. StartCom. October 31, 2012. 3.1.2.1. Retrieved December 20, 2012.

[4] "Policy & Practice Statements". 2.2. StartCom. June 13, 2010. Retrieved December 20, 2012.

[5] "Microsoft Adds Support for StartCom Certificates" (Press release). StartCom.org. September 24, 2009. Retrieved 2011-01-14.

[6] "Microsoft updates trusted root certs to include StartCom". Sophos.com Naked Security blog. September 27, 2009.

[7] "New Roots, new EV, and a new Public Suffix file". Opera.com Rootstore blog.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

StartCom

Contents

StartSSL [edit]

Trustedness [edit]

Limitations of StartSSL Free [edit]

See also [edit]

References [edit]

External links [edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

Actions

Search

Navigation

Interaction

Toolbox

Print/export

Languages