They collected 30K certs from Firefox trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL. Having selected their target, the team needed to generate their rogue certificate to ...