@boneidol Sadly I have no idea. All I know is anyone with enough $ can buy a CA cert… yet I have heard of more than one case of malicious sites given a clean bill of health, and even when proven malicious were kept in the CA list of goodguys.

Meanwhile, self hosted nice people who can’t afford vast sums have their visitors scared away by a series of fear inducing warnings if they have a self signed cert. OR they can stay unencrypted. If CA cert was actually about making the internet safe, it shouldn’t cost more than a domain name. Apparently CA cert is about (a) making money and (b) making the Internet into an exclusive playground for the rich…