Question

What is stopping one from getting a signed SSL certificate to a domain he/she does not own?

I.e. What checks are made to make sure one cannot simply buy a new certificate for google.com and go about doing evil...

Surely the whole point of giving (a ridiculous sum of) money to a CA is so that people are without doubt that the server they are connecting to is the correct one. No?

Thanks.

Solution

It is up to the CA to ensure that the person applying for a certificate owns the domain.

One method that is often used for cheap SSL certificates is a whois lookup.

But methods can vary from CA to CA and with the level of trust the certificate gives.
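As an added illustration of the whois-based check the answer mentions (example code, not from the original post or any CA's real validation pipeline), this parses a constructed WHOIS record and accepts the applicant only if their e-mail is one of the listed domain contacts; the second record shows the common case where a privacy-protected WHOIS exposes no contact at all, so the check cannot succeed and the CA must fall back to another validation method. Field names and e-mail addresses below are constructed samples.

```python
import re

# Constructed sample WHOIS response (not a real record); fields follow
# the common "Key: value" layout most registrars return.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrant Email: owner@example.com
Admin Email: admin@example.com
Tech Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.COM
"""

# Constructed privacy-protected record: contact fields carry no address.
REDACTED_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrant Email: Please query the RDDS service of the Registrar of Record
Admin Email: REDACTED FOR PRIVACY
Tech Email: REDACTED FOR PRIVACY
"""

# Only the contact roles a CA would treat as evidence of domain control.
CONTACT_FIELDS = ("registrant email", "admin email", "tech email")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def parse_whois_contacts(whois_text: str) -> set[str]:
    """Return the set of contact e-mail addresses found in a WHOIS record."""
    contacts = set()
    for line in whois_text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        # Ignore non-contact fields and contact fields that hold no address
        if key in CONTACT_FIELDS and EMAIL_RE.fullmatch(value):
            contacts.add(value)
    return contacts


def applicant_matches_whois(applicant_email: str, whois_text: str) -> bool:
    """CA-side check: the applicant must be one of the listed domain contacts."""
    return applicant_email.strip().lower() in parse_whois_contacts(whois_text)


if __name__ == "__main__":
    print(applicant_matches_whois("Admin@Example.com", SAMPLE_WHOIS))    # True
    print(applicant_matches_whois("someone@elsewhere.test", SAMPLE_WHOIS))  # False
    print(applicant_matches_whois("owner@example.com", REDACTED_WHOIS))  # False
```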

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow