SSL certificates are one of the key parts of the internet that help keep your communications secure. Your phone or computer probably interacts with dozens of SSL certificates each day. They are part of the system that lets you log in securely to your bank account, Facebook page, or messaging app. Their main job is to let your computer or smartphone prove that it is actually talking to the site or service it thinks it is talking to. If you’ve ever seen a page where your web browser warns you that it doesn’t trust a site, that’s probably because that company forgot to renew their SSL certificate.

Apple, Google, Microsoft, and many other major tech companies impose a lot of rules and regulations on who can issue valid SSL certificates. One of the big rules is that a certificate should only work for a given site and should only be issued if the person applying for it can prove that they actually own and control the site or service they need the certificate for. This is meant to prevent a hacker from applying for or tampering with a certificate that lets them listen in on your secure sessions on your bank’s website. Most of the companies that issue these SSL certificates follow the strict guidelines and are highly trustworthy. Some, however, are not.

Over the last few years, a company called WoSign broke several rules. Two of their worst violations were issuing certificates to people who had not proven they controlled the websites in question and issuing certificates that worked on sites other than the ones intended. Both of these violations could have put millions of internet users at risk if the certificates had been for a major site like Amazon or Google. Fortunately, nothing too bad seems to have occurred, at least nothing that has been made public, but major internet players like Apple and Google could only tolerate such violations for so long. After repeatedly warning WoSign, the big internet players decided late last year to start phasing out trust for their SSL certificates. This means that if you try to go to a site that was using one of their certificates, your browser will not take you there and will instead put up a big warning about the site not being secure.

These kinds of punishments are rare but have happened in the past. Notably, Google and others recently placed severe punishments and restrictions on Symantec, the well-known anti-virus company, for its continued violations of the SSL certificate rules. It’s a neat thing to see internet rivals like Apple, Google, and Microsoft come together to protect the security processes that millions of internet users rely on!

For more information about this latest incident with WoSign, check out Google’s post on their security blog. It has links to what the rules for SSL certificate authorities are and even links to the long list of violations that WoSign and their subsidiary StartCom committed over a number of years.