> Their certificate authority can issue whatever certificates it wants for whatever kind of network topology or application use cases or whatever else they need to support.

But that means that other customers can get a trusted certificate for the exact same ip address, right?