Trust was SUPPOSED TO means “trust the web site operator”

Check out this . Note the hostname mismatch (it’s got a GeoTrust cert for www.adgrafics.com. Note the WEB TRUST seal in the upper right corner. Click on that, let Chrome kindly translate (appologies, I don’t read Russian or Ukranian.) Note the seal is from “https://webtrustukraineseal.com” (confused yet?) and THAT says “Verisign Trusted” (Verisign != GeoTrust.) Note also the default https://www.certificatesigningrequest.com:8443/ Plesk self-signed certificate.

So… you should trust these certificates? From several different CA’s, and from a site that uses self-signed certificates? Not to pick on Symantec’s Ukrainian trading partners… but really, are we supposed to trust these certificates? When the vendors are this sloppy?

Comments are closed.