@thecreativeone91 said:

@scottalanmiller said:

@thecreativeone91 said:

So how does a site get an SSL without knowing? "CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge." I assume that means if the site is hacked.

No, it does not mean that it has been hacked. This is really easy to do. I'm not sure at what stage you think that there is a verification for this currently but generally there is nothing.

But it has to be used at the domain it's issued for or else it will throw a mismatch error.. Unless it's a whild card cert..

That's a completely different piece of security. If you hijack DNS you completely bypass it.