Lost In Cyberia Posted July 17, 2014 Share Posted July 17, 2014 Hey everyone, Have you guys heard about this? For the TL;DR version. Google's domains where found to be signed to an unknown person. The Signer of the certificate was a CA in India. The CA accidently issued 45 SSL certs for domains that were owned by google and yahoo. My question is that, how can the google certs be signed, and then the same domain signed again by the Indian CA? Can a domain be signed twice? It seems like this shouldn't be the case... Also is revoking a certification the same thing as removing it from the Cert store? I know that Chrome doesn't really check for revocation.. So does that mean they just relay on "bad" ssl certs to be removed completely from the store? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.