Trust was SUPPOSED TO means “trust the web site operator”

Check out this . Note the hostname mismatch (it’s got a GeoTrust cert for Note the WEB TRUST seal in the upper right corner. Click on that, let Chrome kindly translate (appologies, I don’t read Russian or Ukranian.) Note the seal is from “” (confused yet?) and THAT says “Verisign Trusted” (Verisign != GeoTrust.) Note also the default Plesk self-signed certificate.

So… you should trust these certificates? From several different CA’s, and from a site that uses self-signed certificates? Not to pick on Symantec’s Ukrainian trading partners… but really, are we supposed to trust these certificates? When the vendors are this sloppy?

Comments are closed.