Chinese root CA issues rogue/fake certificates

Eric Kuhnke eric.kuhnke at
Wed Aug 31 04:38:55 UTC 2016

One of the largest Chinese root certificate authorities, WoSign, issued many
fake certificates due to a vulnerability.  WoSign's free certificate
service allowed its users to get a certificate for the base domain if they
were able to prove control of a subdomain. This means that if you can
control a subdomain of a major website, say, you're able to
obtain a certificate by WoSign for, taking control over the
entire domain.

More information about the NANOG mailing list