Trustico States They Stored Private Keys for Customers' SSL Certificates https://www.bleepingcomputer.com/ne...-private-keys-for-customers-ssl-certificates/
Oh...I had quite narrowed down my trust circle on all devices (maybe 1/4 or so certs distrusted), but couldn't distrust all Digicert/Symantec cert as it'll break too many sites. I dream of a world where we no more need CAs - DNS Chain seems to be promising, but that world won't come because - these CA will lose its revenue! So Google go to CT which is not at all effective against state sponsored actor. (sigh)
The term blunder is an understatement. Proverbial countdown to shutdown is on. That's pretty short notice. And can't even imagine the headache yet to come for many of those clients in spite of the rush to stave off. Ouch
Trustico Boss Claims 'Significant Suffering' After Certificates Revoked https://www.infosecurity-magazine.com/news/trustico-suffering-certificates/