[londons_explore]

Because nobody ever looked at the text of the certificate. It was probably a binary file checked into the source control system and, since it seemed to work, nobody ever looked at it.

Probably came as part of the dev kit from AMI.

[kevin_thibedeau]

The only winning move is not to play. AMI should never have distributed test certs to begin with. Give your customers instructions on how to generate self-signed certificates (assuming they are accepted) or setup a dev CA that will sign test certificates. Then the damage from a key leak is limited to one vendor.