Black Hat 2009 -- Breaking SSL With Null Characters

If you apply for a certificate, the certificate authority looks at the common name on the form and contacts the domain owner. The CA ignores the subdomain. The trick is to drop in a null character in the subdomain. If you register,[null character], the CA will contact the owner of and issue the cert. When clients like Firefox use NSS to verify the cert, the null character causes them to think the certficate is valid for because they stop at the null character. Even if the person examines the cert in their browser, it will show

Bad news for legit peeps.