
Their certificate looks fine to me. What is amusing is that even though they strip out critical display elements from the website (probably CSS), they still manage to display insecure content.


- Subject is invalid (and wrong)

- Overly broad (*.fbi.com); could have used "Subject Alternative Name" to list sub-domains instead.

- 3 year duration (for the FBI?). I mean for small online shops, that is fine, but many companies are now rolling their certificates yearly or bi-yearly (e.g. Amazon, Bank Of America, HSBC, etc).

On the positive side they are using a 2048-bit key length. I dunno. I guess it depends on what standard you hold the FBI to. If you think their site should be as secure as a banking site or large online retailer then they fail at that...
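
The wildcard and validity-period checks raised in the comment above, as an added example that is not part of the thread: a Python audit of a certificate in the dict form returned by `ssl.SSLSocket.getpeercert()`. The sample certificate, its names and the 366-day threshold are constructed assumptions; that dict does not carry the key length, so it is not checked here.

```python
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Agency"),),
                (("commonName", "*.example.gov"),)),
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Jan  1 00:00:00 2015 GMT",
    "subjectAltName": (("DNS", "*.example.gov"), ("DNS", "example.gov")),
}

MAX_VALIDITY_DAYS = 366  # assumed policy: certificates are rolled yearly


def dns_names(cert):
    """Return the subject commonName values plus all DNS SAN entries."""
    names = [value for rdn in cert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    names += [value for kind, value in cert.get("subjectAltName", ())
              if kind == "DNS"]
    return names


def validity_days(cert):
    """Length of the notBefore..notAfter window in days."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) / 86400


def audit(cert, max_days=MAX_VALIDITY_DAYS):
    """Return a list of findings; an empty list means no policy issue."""
    findings = []
    # A wildcard covers every host one label below the domain.
    for name in sorted({n for n in dns_names(cert) if n.startswith("*.")}):
        findings.append(f"wildcard name {name}: list hosts in subjectAltName")
    days = validity_days(cert)
    if days > max_days:
        findings.append(f"validity of {days:.0f} days exceeds {max_days}")
    if not cert.get("subjectAltName"):
        findings.append("no subjectAltName extension")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CERT):
        print(finding)
```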



