← Back to context

Comment by blueflow

3 years ago

This happens all the time when a server is rebuilt from scratch - same cert using a different keypair.

So should we conclude that SSL cert infrastructure is completely compromised and now any country can issue fake certificates?

  • No, there is no reason to jump to such extremes.

    • There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised".

      3 replies →