This morning, as Senator Ted Cruz launched his bid to become president of the United States, some people who visited his site thought he might also want to become a Nigerian prince. At least, that’s what his site’s certificate said.
It turns out that Cruz’ campaign had registered to use CloudFlare as the content delivery network for its WordPress-based tedcruz.org site, anticipating a flood of traffic from would be supporters. But because the Cruz campaign hadn’t yet uploaded a certificate to identify the site for secure visits, CloudFlare’s systems automatically assigned the site one of its own certificates, CloudFlare CEO Matthew Prince told Ars. “The Cruz campaign didn’t do anything wrong,” he said. “It was an automated process on CloudFlare’s part.” The certificate that the Cruz campaign’s site got assigned to was also assigned to nigerian-prince.com.
The Ted Cruz campaign site’s new certificate.
2 more images in gallery
CloudFlare assigns multiple sites to each of its own pool of SSL certificates, Prince said, “to limit consumption of IP addresses. By default we put more than one site on a certificate—if you don’t upload your own certificate, then you share one.” As soon as it was noticed that the Cruz campaign site shared a certificate with nigerian-prince.com—a site that displays only a joke about Nigerian “419” scams—CloudFlare and the Cruz campaign uploaded a new, private certificate, though tedcruz.org still appears on the certificate for nigerian-prince.com.
Read 1 remaining paragraphs | Comments