During my attempt to verify and understand who stands behind the sending of fraudulent “reminder” email messages tricking our customers, I created a certificate from the source I was following. And my certificate was issued without any further questions.
As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including ba