Monday, December 05, 2016

Disabling WoSign and StartCom from list of trusted CAs

I was setting up an OpenVPN server a while ago. To remove the browser warning on its WebGUI, I used a free certificate from StartSSL because it's more straightforward than Let's Encrypt. As I was setting up the certificate though, I encountered a couple of articles warning the community about StartSSL. You can read more about it here.

Since WoSign and StartCom are no longer trustworthy, I manually removed them from my browsers:

At least the chance of being snooped upon by Chinese state hackers is slightly lessened now.