I was referring to the CA that signs it. It was implied that freessl.com, who gives out trial certificates, is an unreliable CA. I do not understand why their certs would be any less valid than anothers.
Not less valid, less trusted. SSL is a heirarchical "web of trust".
As long as the website listed on the cert is the website you are visiting, why should it matter who issued the cert?
Because how can I know that a certificate issued to "A" is really entity "A", unless I trust a central authority to do the homework.
Phishing attacks love this trick. If anybody could get a cert for "www.chase.com" that was valid to the browser, then anybody that could do DNS foo to the client could spoof the real Chase.
/mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/