Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains

By [email protected] (Swati Khandelwal) A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain.

The certificate authority, named WoSign, issued a base certificate for the Github domains to an unnamed GitHub user.

But How? First of all, do you know, the traditional Digital Certificate

Via:: Chinese Certificate Authority ‘mistakenly’ gave out SSL Certs for GitHub Domains