Any customers of StartCom SSL certs pre October 21, 2016 ?
I have just seen that the last Chrome, v. 57, doesn't trust StartCom certificates at all, even the ones issued before october 21, 2016. With Mozilla/Firefox no problem, only certs issued after october 21, 2016 are untrusted.
Google was unclear about the status of these older certificates:
I contacted StartCom about that:
From Chrome 57, all our SSL certs are not trusted in it. Even the certs issued before 21st Oct 2016. We raised issue with Google about it and did get any response why they distrusting certificates issued even before StartCom was bought. So now there is no solution to solve this problem. We wish we could do more for you, but unfortunately, we can do nothing because of the sanction of Chrome until we will be back in trusts. We will take several months to regain trust.
I find the behavior of Google a bit silly. For WoSign itself ok, but StartCom was in the SSL certs business for a long time, without problems until the new owner WoSign (now out) did fuck them up.
I think customers with pre-21.10.16 EV and OV certs should complain at Google.
For the time being, in order to get working certs on Chrome also, I went to buy at gogetssl.com