[mercora]

I do not have appropriate words for this. What a terrible nightmare. And even worse the second time they did this. I mean what kind of company is this? I am seriously shattered that they are so careless with so much responsibility. I never liked the trusted CA system on the web but always thought you would need to be at least some state actor or serious professional in order to be able to get hold of certificates from them without validation. They should all be required to get some real security audit on everything involved, and do it again whenever there is a change or some time passed. Without they should be dropped from the list of trusted CAs. I really do not get how this happened. It is like someone did this on purpose. I am sad now.