Do you know what web site the client used to register it originally? If you register a certificate with a "." in it, Comodo's instantssl.com store usually sends a domain validation email (to [email protected], [email protected], etc.). In this case, I would think the email would never arrive, right?
On Wed, Nov 4, 2009 at 9:35 PM, Paul van Brouwershaven <[email protected]> wrote: > Collin Jackson schreef: >> I've found several certificate authorities that issue certificates for >> internal domains, including Comodo, VeriSign, and completessl.com. >> Adam Barth and I filed a bug on this issue in 2007. These >> certificates are easy to acquire, but I don't see how they're less >> secure than HTTP, so we've been advocating that browsers show >> a broken lock: > Thats an other discussion, this is not an internal domain but a public > domain, see: > http://www.iana.org/domains/root/db/int.html > _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
