|
|
|
|
|
|
by gojomo
4445 days ago
|
|
|
He has to have the private key that matches the certificate he's presenting. He's presenting the CloudFlare-obtained cert (which the site offers up on request), so the lack of a warning means he's got that private key. Getting another CA-signed certificate, naming 'www.cloudflarechallenge.com' and matching another private key, would itself be an impressive compromise, though not the challenge CloudFlare made or what he's demonstrating. |
|
|