Is this the end of the line for DigiNotar?
Posted on 15 September 2011.
DigiNotar is going down quickly and in flames.

After having its SSL and EVSSL certificates deemed untrustworthy by the most popular browsers, around 4200 qualified certificates - i.e. certificates used to create digital signatures - issued by the CA are currently in the process of being revoked and their holders notified of the fact by the Dutch independent post and telecommunication authority (OPTA).

ISC reports that, starting from yesterday, OPTA has terminated the accreditation of DigiNotar as a certificate provider for "qualified" certificates. The revocation of this accreditation also makes DigiNotar unqualified to issue certificates under the PKIoverheid CA.

After having exchanged information with DigiNotar and its auditors, OPTA came to the conclusion that not only has the CA not adhered to the European guidelines and standards governing the issuing of qualified certificates, but has also broken a few local laws.

OPTA's report also finally revealed the auditing firm that missed the rogue Google SSL certificate in July: it's PriceWaterhouseCoopers.

"It’s game over for DigiNotar. Very soon they will officially no longer be a valid entity to issue certificates," commented recently Andrew Storms, Director of Security Operations for nCircle, and it seems that he was right.


(IN)SECURE Magazine issue 45 released

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Mar 4th