Over 23,000 users will have their SSL certificates revoked by tomorrow morning, March 1, in an incident between two companies —Trustico and DigiCert— that is likely to have a huge impact on the CA (Certificate Authority) industry as a whole in the coming months.
The entire saga started earlier today when DigiCert, one of the biggest certificate issuers on the Internet, sent emails to over 23,000 customers who obtained their SSL certificates through a UK reseller named Trustico.
DigiCert said that because of a security incident, they had to revoke all certificates issued to Trustico, which Trustico later sold to its own customers. Trustico General Manager Zane Lucas, on the other hand, denied that his company suffered any security incident.
At thing point, it all become too complicated, so we'll just lay out a timeline of events, based on statements made by both companies, at the time of writing.
........................
........................
