Trustico | |
Type: | Private company |
Hq Location City: | Croydon |
Hq Location Country: | United Kingdom |
Industry: | Internet security, Public key infrastructure |
Trustico is a dedicated SSL certificate provider, They are headquartered in the United Kingdom.
The company was founded in 2006 in United Kingdom by Zane Lucas. They gradually spread around the world over the following years. The firm currently operates entirely in the selling of SSL Certificates.
On 22 June 2017 Trustico entered a Partnership with Comodo, a developer of cyber security solutions and digital certificates.[1] [2]
The company became notable in March 2018, after its CEO transferred the private keys for 23,000 HTTPS certificates via email (a non-secure protocol) to an executive at DigiCert.[3] [4] [5] [6] The fact that these private keys had been stored by Trustico suggested that Trustico had been violating the baseline requirements for certificate authorities.
This was followed by the disclosure of a critical security flaw – a publicly accessible root shell – in the Trustico website, after which the website was taken offline.[7] [8] The result was that thousands of Trustico customers had their security certificates revoked by DigiCert.[6]
Following Google's statement, on 11 September 2017, to distrust Symantec's SSL Certificates for unsatisfactory security standards.[9] Trustico followed suit in abandoning Symantec issued SSL Certificates.[10] [11] Trustico offered replacements to all Symantec CA Certificates issued between June 2016 and December 2017 in compensation for those affected by the abandonment.
On 2 February Trustico sent an email to DigiCert requesting the revocation of all Symantec Certificates - around 50,000 - managed by DigiCert. DigiCert, who had recently acquired Symantec's[12] [13] [14] CA business denies the request to mass-revoke the certificates. On 25 February DigiCert terminated its contract with Trustico after Trustico said it would seek a legal opinion on the matter.[15]
On 27 February DigiCert released a statement claiming they had received an email from Trustico containing over 23,000 private keys before mass emailing Trustico's customers about the security breach.