Okay, so i have found a way through their API/System to get a fully functional SSL Certificate issued for free without any cost.
I have asked them if they have a bug bounty program, and said I have a few bugs any issues i can report. They were not very interested.
I even mentioned that i think i found a way to get SSL certs issues for free from them, without me paying anything. And they again did not seem interested at all.
This is all through the most used CA.
Yes you can get free SSLs through CAs like lets encrypt, but this is a CA that charges for their full term ( 1 year + ) SSL Certificates.
I have been spending my time/money working on their system for a while now, and have offered to provide details of issues with it. But they dont seem very interested in details at all.
Should i just let the public know? or just ignore it and move on.
( i just noticed my title asks, if i should let them know, when i already have (without interest by them ), sorry )