[ngw] OT: WildCard Certificates

Randy Grein rgrein at q.com
Fri Feb 14 17:22:35 UTC 2014


Good point. Godaddy just happens to allow wildcard certs; we used them for several years.



Randy Grein
rgrein at q.com

''Death has a tendency to encourage a depressing view of war.''

—former Defense Secretary Donald Rumsfeld, 2003


On Feb 13, 2014, at 12:02 PM, Jeffrey Sessler <Jeff at ScrippsCollege.edu> wrote:

> Some cert issuing companies don't "allow" you to use a wildcard across servers i.e. you purchase the wildcard to support a number of sites on the same host. DigiCert on the other hand allows unlimited servers, and you can generate more than one wildcard. Generating more than one helps - say in the case a host is compromised, you can invalidate just that wildcard cert. If you use the same wildcard cert across everything, then you have to replace them all should you need to invalidate it. Also, it's nice if you need subject alternative names, you generate another wildcard with them, and just for the host that needs it.
> 
> Jeff
> 
>>>> On Thursday, February 13, 2014 at 11:13 AM, in message <52FCD2ED020000AB0002E946 at charlieb.queencitymetro.com>, "Alan Bens" <ABENS at go-metro.com> wrote:
> 
> I just got off the phone with Go-Daddy where we purchased a wild card
> certificate.  At first their support people told me you can not use a
> wild card certificate across multiple servers and OS's.  Then they said
> it could be done but it's difficult because you have to generate the CSR
> from the domain server, then get a PKI.
> 
> Does anyone know where I can find some documents on this so I can get
> my head wrapped around what their talking about?
> 
> 
> Thanks in Advance
> 
> Al B
> _______________________________________________
> ngw mailing list
> ngw at ngwlist.com
> http://ngwlist.com/mailman/listinfo/ngw




More information about the ngw mailing list