
Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)


Posted Feb 10, 2012 19:01 UTC (Fri) by raven667 (subscriber, #5198)
In reply to: Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld) by jd
Parent article: Trustwave admits issuing man-in-the-middle digital certificate (ComputerWorld)

That's not how it works at all; your browser does not have any fingerprint on record for any certificate. Certificates can change at will as long as the commonName matches the DNS name and it's ultimately signed by a root you trust; that's all that is verified. There is nothing preventing you from having many legit certs with the same name.

There are proposals for certificate pinning which will store fingerprints much like SSH does. I believe Chrome now does this for *.google.com certs by default, but this is not standard or required or widely deployed behavior.


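Added example, not part of the original comment: a minimal sketch of the SSH-style fingerprint store the comment contrasts with ordinary validation, layered on top of the normal trusted-root and name check. The function names, the `www.example.test` host and the two byte strings standing in for DER certificates are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def check_pin(store: dict, host: str, der: bytes) -> str:
    """SSH-style trust-on-first-use check; returns first-seen, match or mismatch.

    The store keeps a set of fingerprints per host, because a name can
    legitimately be served by more than one certificate.
    """
    fp = fingerprint(der)
    pins = store.get(host)
    if pins is None:
        store[host] = {fp}
        return "first-seen"
    if any(hmac.compare_digest(fp, p) for p in pins):
        return "match"
    return "mismatch"


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Do the usual validation (trusted root + name match), return the leaf DER."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-ins for two DER certificates issued for the same name.
CERT_A = b"constructed: certificate the site normally serves"
CERT_B = b"constructed: different certificate for the same name"


def demo() -> list:
    store = {}
    host = "www.example.test"  # hypothetical host name
    return [check_pin(store, host, c) for c in (CERT_A, CERT_A, CERT_B)]


if __name__ == "__main__":
    print(demo())
```

Against a live server, `check_pin(store, host, fetch_leaf_der(host))` runs the pin check only after the normal validation has passed, so a different certificate that chains to a trusted root still shows up as a mismatch.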

