This is especially helpful if you run your own servers. If you are presented with an error message or warning that the signature has changed or does not match the IP/domain you are connecting to you always want to verify manually.
So your e-mail/web client will show you an SHA-1 fingerprint like this:
"Could not verify this certificate because the issuer is unkown" or other reasons such as a mismatch in IP/domain.
It will also show you........
This is something that happens a lot and it is very dirty, as you probably know each site is hosted on a certain IP address. Sometimes a domain is hosted by a single IP address and the IP address defaults to this very same domain.
This means that if someone buys domain abcd.com and enters your IP address (the one of your website) as the A record, your content will show up on their domain as if it was their own.
There is an easy way to prevent this by using .htacces........