If you download the discord client, unpack it, and look in the bootstrap folder (which should be next to the app.asar folder), you'll find discord_rpc.zip. Unpack that, look in data, and you'll find this_is_not_a_security_issue.{crt,key} which is the public and private key for an HTTPS certificate for *.discordapp.io, which is a domain that resolves to 127.0.0.1. This could be useful for testing HTTPS on localhost.
This is not permitted by Comodo's policy. I am going to report this to Comodo. Edit: contacting Discord first to let them know that they need to change this.<p>Please see the recent discussion on this practice (which mentions Discord):<p><a href="https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/eV89JXcsBC0" rel="nofollow">https://groups.google.com/forum/#!topic/mozilla.dev.security...</a><p>Follow-up: I wrote to Discord to point out this m.d.s.p thread to them and am holding off on my report to Comodo to wait to hear back from Discord about their intentions.<p>Note that section 6.1.2 of the CA/Browser Forum Baseline Requirements says "If the CA or any of its designated RAs become aware that a Subscriber’s Private Key has been communicated to an unauthorized person or an organization not affiliated with the Subscriber, then the CA SHALL revoke all certificates that include the Public Key corresponding to the communicated Private Key."
You can generate one for yourself. Look for tutorials on self-signed certificates. You'll have to import the CA to your browser to make it trusted, bit for testing that should be just fine.