Changing SSL certificate contact info without permission or authorization. Is it illegal for an admin or ssl installer to change the contact information in someones SSL certificate that they are installing? Even though the SSL certificate company issued the certificate under another email address? So far the admin changed the email contact information twice without permission or authorization to do so. They said they did not do it. The ssl cert company says they did not change it. Someone did.
See my answer in your other thread. The information held within an SSL cert cannot be changed without the knowledge of the ssl tech contact (and possibly the admin contact). Both the installer and signer (CA) have to know about the change. The CA never changes information on their own, they only act on information given - ie the cert request. The CA should never ever sign a new cert without the correct permissions being granted. Whoever signed the cert would be able to provide an audit trail for that cert - it might cost money, but they will be able to provide it. From that trail you'll be able to clearly see who did what, and who authorized it.