0

I know that domain authentication is required to get a certificate for HTTPS. But I really don't know why this is needed. Can't you just give a certificate without domain verification? What happens if I just give the certificate? Are there any concerns?

I searched the website, but couldn't find a satisfactory answer. I'm very curious about that part.

user783741
  • 13
  • 2

1 Answers1

0

This is necessary to avoid web site spoofing. If you own specific domain -- you can get a certificate for that specific domain only.

Otherwise, anyone could request a trusted certificate for microsoft.com or google.com web sites and spoof them.

Crypt32
  • 6,639
  • 1
  • 15
  • 33