Politically, we are in a stormy period worldwide, and those who work in technology can occasionally get the impression of living in a kind of virtuous bubble: a community of enthusiasts who discuss things honestly and transparently in a general mood of trust. That same trust is the basis of the Certification Authorities (CAs) whose root certificates come pre-installed in our browsers.
Well, it so happened that StartCom StartSSL, a CA that issued free SSL certificates with a 1-year validity to encrypt the traffic of non-commercial websites with HTTPS, has lost this trust.
Investigations conducted by the broader community brought to light a fraudulent misissuance of certificates, carried out in open contradiction with the code of ethics that those authorities must respect. So at the end of October 2016 two tech giants, Mozilla first and Google after, decided to distrust StartCom SSL in their browsers, Firefox and Chrome respectively.
Compared to StartSSL, certificates issued with sslforfree expire after just 3 months, but the verification and issuance process is relatively simpler and faster with the “manual” procedure, which requires uploading some files to your hosting via FTP, as you do, for example, for Google Analytics and Webmaster Tools verification.
It must be said that the root certificate of sslforfree itself, which is a subproject of the larger Let’s Encrypt project sponsored by the big tech companies, also has a shorter validity: only 5 years, expiring in 2021, while StartCom’s was set to expire in 2030.
The shorter validity of the root certificate is probably also a new security measure, so that in a few years it has to be re-confirmed that there are still grounds to consider the Authority reliable, because to think ill of someone is a sin, but it is almost always correct.