That much I know. That isn't the issue.
The key is listed as not being issued by a trusted authority. So anyone could have created a key; the point of the trusted certificate roots is that you don't have to verify every key you use, someone who has (in theory) pockets and could be sued for issuing invalid certificates has issued them.
I expected someone that knows the web site to come back and say, "Yes, I know that that is the correct finger print". I expected something like "I don't know why it says untrusted authority; we got the key from Equifax, and there's no error on my system". I don't know if the key is valid, and (A: My system's list of roots is bad, or B: it's from a new division of Equifax that hasn't gotten into the list of trusted roots yet), the key is valid but issued by someone that the web admins thought was equifax but wasn't, there is some massive MITM attack going on, or what.
Now, in reality, bad certificates have been issued in large numbers. No one is sueable for "Well, I thought this was a valid royalty certificate for Nigeria". You can't trust an SSL certificate to guarantee that the entity at the other end is who you think. And given the flaws in SSL that came to light recently (as well as last year's DNS flaws), you can't even be sure about no man-in-the-middle or eavesdroppers without a brand new certificate dated later; that still requires that you know that no one has duplicated the certificate authority's md5-hash and has a bogus CA key. (All of those are real, known flaws, starting with Dan's DNS flaw.)
