According to DigiNotar’s own investigation, they found out that they were compromised on July 19, 2011, and several rogue SSL certificates had been issued including the one to *.google.com. All the other ones were revoked, but for some reason, DigiNotar missed revoking the one issued for Google’s domain. Why is this important? With the rogue certificate issued by a trusted CA, it’s possible to do Man-in-the-Middle attacks and listen in to any traffic going to Google’s services, such as Google Mail, Google Docs, Google Plus, and Google Apps, without any visible warnings to users.