After Mozilla inquiry, Apple untrusts Chinese certificate authority
Following a Mozilla-led investigation that found multiple problems in the SSL certificate issuance process of WoSign, a China-based certificate authority, Apple will make modifications to the iOS and macOS to block future certificates issued by the company.
Although there is no WoSign root certificate in Apple’s trusted certificate store, a WoSign intermediate CA certificate is cross-signed by two other CAs that Apple trusts: StartCom and Comodo. This means that until now Apple products have automatically trusted certificates issued through the WoSign intermediate CA.
Because WoSign experienced multiple control failures in their certificate issuance processes for the WoSign CA Free SSL Certificate G2 intermediate CA, “we are taking action to protect users in an upcoming security update,” Apple said in support notes for both iOS and macOS. “Apple products will no longer trust the WoSign CA Free SSL Certificate G2 intermediate CA.”