In association with heise online

12 October 2009, 10:58

Thawte discontinues Web of Trust for free SSL certificates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

thawte The Thawte trust centre will revoke its free "Thawte Personal Email Certificate" SSL email certificates on the 16th of November. On the same day, the vendor also plans to shut down the server that issues new email certificates. Instead of the usual verification procedures involving official personal IDs used by other certification providers, Thawte validates the personal details for free certificates via a Web of Trust (WOT).

Applicants for a certificate have to liaise with WOT notaries who credit Trust Points after having been presented with official ID documents. Once a certain number of points has been reached, an applicant's identity is regarded as validated, which allows the applicant to issue certificates and become a WOT notary. The only other similar trust network for free SSL certificates is now offered by CAcert – but CAcert also offers server and PGP keys. However, most email clients and browsers have so far only acknowledged these certificates after the relevant root certificates have been imported manually.

Those who hold a Thawte Personal Email Certificate that is valid until the 16th of October can apply for a free one-year email certificate by VeriSign until the 16th of January 2010. WOT members will receive the required token in an email. Thawte advises its WOT users to switch to VeriSign certificates as soon as possible to allow sufficient enrolment time.

See also :


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit