In the world of secure websites, it's critical to maintain proper ownership of the certificate that helps protect your site.  Certificates hold the encryption keys that allow users to securely interact with your site.  When a certificate expires or changes ownership, it is important (and even required) that it be revoked and replaced with a new, updated certificate.  This ensures that the current owner of the certificate is the only one who can offer legitimate access to that specific website. 

Some really smart guys (Ian Foster and Dylan Ayrey) found what they have termed "Bygone SSL," where one person can hold a valid certificate for a website that someone else owns!  This interesting phenomenon is not necessarily a result of nefarious behavior, but rather the reality of how certificates work today.  In this video, John explains the issue and outlines the reason it happens.  Enjoy!
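To make the condition concrete, here is an added example (not code from the video or from the researchers) that a new domain owner could run over certificate records for their domain to find certificates issued before they took ownership that are still valid. The record fields, the `example.test` names, and all dates are constructed for illustration; where the records come from is left as an assumption.

```python
from datetime import datetime, timezone

def covers(cert_name: str, host: str) -> bool:
    """True if a certificate name (exact or wildcard) covers host."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        # A wildcard matches exactly one extra left-most label, never the apex.
        head, _, tail = host.partition(".")
        return bool(head) and tail == cert_name[2:]
    return cert_name == host

def bygone_certs(certs, host, acquired, now):
    """Certs covering host that predate the ownership change and are still usable."""
    hits = []
    for cert in certs:
        if not any(covers(name, host) for name in cert["names"]):
            continue
        issued_to_previous_owner = cert["not_before"] < acquired
        still_valid = cert["not_after"] > now and not cert.get("revoked", False)
        if issued_to_previous_owner and still_valid:
            hits.append(cert["serial"])
    return hits

def utc(day: str) -> datetime:
    return datetime.fromisoformat(day).replace(tzinfo=timezone.utc)

# Constructed sample records (hypothetical serials, names and dates).
SAMPLE = [
    {"serial": "01", "names": ["example.test", "www.example.test"],
     "not_before": utc("2023-08-10"), "not_after": utc("2024-09-10")},
    {"serial": "02", "names": ["*.example.test"],          # already expired
     "not_before": utc("2022-03-01"), "not_after": utc("2023-03-01")},
    {"serial": "03", "names": ["example.test"],            # issued to new owner
     "not_before": utc("2024-06-02"), "not_after": utc("2024-08-31")},
    {"serial": "04", "names": ["other.test", "example.test"], "revoked": True,
     "not_before": utc("2024-01-01"), "not_after": utc("2025-01-01")},
    {"serial": "05", "names": ["*.example.test"],          # wildcard, pre-transfer
     "not_before": utc("2024-04-01"), "not_after": utc("2024-12-01")},
]

ACQUIRED = utc("2024-06-01")   # constructed date the domain changed hands
NOW = utc("2024-07-01")        # constructed "today" so the result is reproducible

if __name__ == "__main__":
    for host in ("example.test", "www.example.test"):
        print(host, bygone_certs(SAMPLE, host, ACQUIRED, NOW))
```

Any serial this reports is a certificate the current owner did not request and should ask the issuing CA to revoke.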


 

Related Resources: