Is this the end of the line for DigiNotar?
Posted on 15 September 2011.
DigiNotar is going down quickly and in flames.

After having its SSL and EVSSL certificates deemed untrustworthy by the most popular browsers, around 4200 qualified certificates - i.e. certificates used to create digital signatures - issued by the CA are currently in the process of being revoked and their holders notified of the fact by the Dutch independent post and telecommunication authority (OPTA).

ISC reports that, starting from yesterday, OPTA has terminated the accreditation of DigiNotar as a certificate provider for "qualified" certificates. The revocation of this accreditation also makes DigiNotar unqualified to issue certificates under the PKIoverheid CA.

After having exchanged information with DigiNotar and its auditors, OPTA came to the conclusion that not only has the CA not adhered to the European guidelines and standards governing the issuing of qualified certificates, but has also broken a few local laws.

OPTA's report also finally revealed the auditing firm that missed the rogue Google SSL certificate in July: it's PriceWaterhouseCoopers.

"Itís game over for DigiNotar. Very soon they will officially no longer be a valid entity to issue certificates," commented recently Andrew Storms, Director of Security Operations for nCircle, and it seems that he was right.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th