Trustico
 | This article may be affected by a current event. Information in this article may change rapidly as the event progresses. Initial news reports may be unreliable. The last updates to this article may not reflect the most current information. (March 2018) |
| Company type | Private company |
|---|---|
| Industry | Internet security, Public key infrastructure |
| Headquarters | , |
Trustico is a certificate reseller.
It became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (a non-secure protocol) to an executive at DigiCert.[2][3][4][1][5] The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.[2]
This was followed by the disclosure of a critical security flaw - a publicly-accessible root shell - in the Trustico website, after which the website was taken offline.[6][7]
See also
References
- ^ a b c "23,000 HTTPS certs will be axed in next 24 hours after private keys leak".
- ^ a b "23,000 HTTPS certificates axed after CEO emails private keys".
- ^ Whittaker, Zack. "Trustico compromises own customers' HTTPS private keys in spat with partner".
- ^ "23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com". www.securityweek.com.
- ^ "How not to run a CA - Hacker News". news.ycombinator.com.
- ^ "Trustico website goes dark after someone drops critical flaw on Twitter".
- ^ "HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed".
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |