Because of varied reasons, I have spent a little time in my life looking at SSL certificates. I have spent time creating, signing, configuring, buying, deploying and validating them. I have hardly ever seen something like Valicert, though.
So, a user has an SSL error, and there appears a certificate that has nothing to do with the site he's supposed to be accessing. It's marked as invalid (never mind) and is from a CA I have never heard of, called Valicert.
It seems to be a valid CA, its certificates mostly validate, etc., but something is fishy (besides the fact that there is a freaking Valicert certificate where there should not be one and I have no idea why).
It seems Valicert is or was owned by GoDaddy, which should already be a problem, but it gets worse. The URL for the CA? valicert.com which is not configured as a site. Then I try www.valicert.com which does exist but is not about a CA but about AxWay, a "Business Interaction Networks company".
It contains nuggets like "What can our cloud-based community management solution do for your bottom line?" and "Is your file transfer system visibility-impaired?" and "Our award-winning products, solutions and services enable the business-critical transactions required to accelerate performance within and among enterprises – while providing management, security and governance on interactions throughout business networks."
And then I had the (bad) idea to try https://www.valicert.com ... a picture should be enough:
These bozos, this company that dares offer file transfer whatnots and has "award winning products"... has a self-signed certificate, that expired in 2010, for localhost freaking localdomain in their public webserver.
So, I am guessing Valicert doesn't exist anymore, GoDaddy kept the CA alive until all certs expire and for some reason AxWay is a bunch of incompetents who bought the domain (but why???) and really, trusting CAs is getting harder each day.
Yup, the CA model is broken. I've switched to convergence.io, and keep telling anyone who will listen to do the same. So go do it :-)