

The Guardian also open-sourced a test SSL cert - boyander
https://github.com/guardian/frontend/blob/master/nginx/frontend.key

======
ctz

      Issuer: C=GB, ST=London, L=London, O=GU, OU=tech, CN=*.int.gnl/emailAddress=martyn.inglis@guardian.co.uk  
      Subject: C=GB, ST=London, L=London, O=GU, OU=tech, CN=*.int.gnl/emailAddress=martyn.inglis@guardian.co.uk
    

This isn't the Guardian's certificate. It's self-signed, for starters.

------
vxxzy
This is just a self-signed cert.

~~~
untog
Before everyone gets hysterical, please vote ^^^ that comment up. It's a self-
signed cert, it is not used in production:

https://news.ycombinator.com/item?id=6875023

~~~
bradleybuda
Yep. Though it opens up a (probably hypothetical) potential attack if this
cert is widely trusted on, say, Guardian employees' development machines.

------
quasse
HTTPS does not seem to be properly configured on their servers anyway; I get
a "You attempted to reach www.theguardian.com, but instead you actually
reached a server identifying itself as *.a.ssl.fastly.net." error when trying
to connect over HTTPS.

That's interesting because they do have content protected by a sign-in system.
Are they just not using HTTPS for that? I kind of expected more from the
Guardian.

~~~
lotsofcows
It's a CDN. CloudFlare operates the same way.

------
clone1018
Wouldn't this allow someone to do a full man-in-the-middle attack with a
compromised server/DNS server?

~~~
pritambaral
If it were the actual cert they're using, yes.

~~~
clone1018
Oh, I see now that it's just the self-signed cert. Awesome :)

------
anilshanbhag
So now anyone snooping on visitors to Guardian's site can decrypt the
communication. Don't see why anyone would waste time on this given that there
is no 'money' involved.

------
boyander
Yes, just checked now.

------
samuel1604
It's not the real one; it's a test SSL cert.
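
Added example, not part of the thread or the Guardian's repository: the two checks the comments above rely on, done with the openssl CLI. `is_self_signed` tests what ctz reads off the Issuer/Subject lines, and `find_certs_for_key` covers bradleybuda's case by listing any certificate in a directory of trusted certs that uses a published private key. Function names, paths and the `*.int.example` demo cert are assumptions; the key pairs are generated locally.

```shell
#!/bin/sh
# Added example. File paths are placeholders; the demo key pairs are constructed locally.

# Exit 0 if CERT carries the public half of private key KEY, 1 if not, 2 on parse error.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 only if issuer == subject AND the signature verifies under the cert's own key.
is_self_signed() {   # usage: is_self_signed CERT
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
    [ "$subj" = "$issr" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Print every certificate in DIR whose key pair is the published KEY.
find_certs_for_key() {   # usage: find_certs_for_key KEY DIR
    for c in "$2"/*.pem "$2"/*.crt; do
        [ -f "$c" ] || continue
        if cert_matches_key "$c" "$1"; then echo "$c"; fi
    done
}

# Constructed sample: a throwaway self-signed wildcard cert, standing in for the repo's.
make_throwaway_pair() {   # usage: make_throwaway_pair DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.int.example" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_throwaway_pair "$d" published && make_throwaway_pair "$d" unrelated || return 1
    is_self_signed "$d/published.pem" && echo "published.pem: self-signed"
    find_certs_for_key "$d/published.key" "$d"   # lists only published.pem
    rm -rf "$d"
}
demo
```

On a real machine, point `find_certs_for_key` at the published key file and at a directory of PEM certificates exported from the trust store being audited.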

