Jump to content

Trustico

Add links
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 91.124.117.29 (talk) at 17:24, 12 March 2018 (not event here). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Trustico
Company typePrivate company
IndustryInternet security, Public key infrastructure
Headquarters
Croydon[1]
,
United Kingdom[1]

Trustico is a certificate reseller.

History

It became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (a non-secure protocol) to an executive at DigiCert.[2][3][4][1][5] The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.[2]

This was followed by the disclosure of a critical security flaw - a publicly-accessible root shell - in the Trustico website, after which the website was taken offline.[6][7]

See also

References

  1. ^ a b c "23,000 HTTPS certs will be axed in next 24 hours after private keys leak".
  2. ^ a b "23,000 HTTPS certificates axed after CEO emails private keys".
  3. ^ Whittaker, Zack. "Trustico compromises own customers' HTTPS private keys in spat with partner".
  4. ^ "23,000 Digital Certificates Revoked in DigiCert-Trustico Spat - SecurityWeek.Com". www.securityweek.com.
  5. ^ "How not to run a CA - Hacker News". news.ycombinator.com.
  6. ^ "Trustico website goes dark after someone drops critical flaw on Twitter".
  7. ^ "HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed".


Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Trustico&oldid=830084564"