A coworker (thanks James) found this article about how to fake a digital cert on a web site.  The quote below is from a related article: Researchers Use PlayStation Cluster to Forge a Web Skeleton Key 

A powerful digital certificate that can be used to forge the identity of any website on the internet is in the hands of in international band of security researchers, thanks to a sophisticated attack on the ailing MD5 hash algorithm, a slip-up by Verisign, and about 200 PlayStation 3s.

"We can impersonate Amazon.com and you won't notice," says David Molnar, a computer science PhD candidate at UC Berkeley. "The padlock will be there and everything will look like it's a perfectly ordinary certificate."

stay safe out there :)

jk