LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fraudulent *.google.com certificate issued

Fraudulent *.google.com certificate issued

Posted Aug 31, 2011 5:16 UTC (Wed) by niner (subscriber, #26151)
In reply to: Fraudulent *.google.com certificate issued by kpfleming
Parent article: Fraudulent *.google.com certificate issued

StartSSL still operates that way. They are not only extremely cheap, but also very thorough. We had to send them quite a few documents and they called not only me, but also the company owner on the phone for verification. It's a shame that not more people know about them. They're essentially breaching the certificate oligopoly and make SSL available to a much wider audience.

(Log in to post comments)

Fraudulent *.google.com certificate issued

Posted Aug 31, 2011 22:24 UTC (Wed) by ondrej (subscriber, #27872) [Link]

Really? I just issued my cert with StartCom by just clicking on the web and proving just that I am able to read the mail associated with the domain name.

Fraudulent *.google.com certificate issued

Posted Sep 1, 2011 7:19 UTC (Thu) by niner (subscriber, #26151) [Link]

As you may have noticed, StartCom is offering certificates at different verification levels. You got the Class 1 Free certificate while I described the procedure for Class 2 Verified certificates.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds