For more information see the Suggested Actions section of this advisory.
The purpose of this advisory is to notify customers that National Informatics Centre (NIC) improperly issued SSL certificates for multiple sites including Google web properties. The subordinate CA may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks. A subordinate CA certificate was improperly issued by the National Informatics Centre (NIC), subordinated to the Government of India CA, which is a CA present in the Trusted Root Certification Authorities Store.
In the most familiar type of cryptography, secret-key cryptography, the ciphertext is transformed back into plaintext using the same key. However, in a second type of cryptography, public-key cryptography, a different key is used to transform the ciphertext back into plaintext. In public-key cryptography, one of the keys, known as the private key, must be kept secret.
In those cases you should follow the instructions in the message.
Certification authorities are the organizations that issue certificates.
To help protect customers from potentially fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue.
So, each recipient of a signed message decides if the issuer of the signer's certificate is trustworthy.
Crypto API has implemented a methodology to allow application developers to create applications that automatically verify certificates against a predefined list of trusted certificates or roots.
The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties.
These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties.