I just put some random text in a webform and got my browser-accepted certificate a few hours later.
I reckon you should blow the whistle on them, then. Try it with Verisign and Thawte though.
Cas 
They have no credibility with me. cough MD5.
At least Comodo has RSA-2048
personally don’t care which authority has signed the certificate (probably nor do end users), as long as Java shows the trusted certificate dialog and not the untrusted certificate dialog.