Yes that's true. Though it's off topic, check out http://www.certificate-transparency.org/  .... it's a project to force CA's to publish all certs they make publicly.