RSG Model Works

Check out this . Note the hostname mismatch (it’s got a GeoTrust cert for www.adgrafics.com. Note the WEB TRUST seal in the upper right corner. Click on that, let Chrome kindly translate (appologies, I don’t read Russian or Ukranian.) Note the seal is from “https://webtrustukraineseal.com” (confused yet?) and THAT says “Verisign Trusted” (Verisign != GeoTrust.) Note also the default https://www.certificatesigningrequest.com:8443/ Plesk self-signed certificate.

So… you should trust these certificates? From several different CA’s, and from a site that uses self-signed certificates? Not to pick on Symantec’s Ukrainian trading partners… but really, are we supposed to trust these certificates? When the vendors are this sloppy?

This entry was posted on Wednesday, December 7th, 2011 at 7:02 am and is filed under Certificate Glitches, Networking Faux Pas, Crypto Plumbing. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.