What if you give a certificate without domain authentication?

Question

I know that domain authentication is required to get a certificate for HTTPS. But I really don't know why this is needed. Can't you just give a certificate without domain verification? What happens if I just give the certificate? Are there any concerns?

I searched the website, but couldn't find a satisfactory answer. I'm very curious about that part.

What exactly do you mean by domain authentication? As in creating a TXT record to verify that a person is in control of a domain? — slightly_toasted, Jul 27 '21 at 12:55

score 0 · Accepted Answer · answered Jul 27 '21 at 12:56

0

This is necessary to avoid web site spoofing. If you own specific domain -- you can get a certificate for that specific domain only.

Otherwise, anyone could request a trusted certificate for microsoft.com or google.com web sites and spoof them.

answered Jul 27 '21 at 12:56

Crypt32

6,639
1
15
33

What if you give a certificate without domain authentication?

1 Answers1