[nycbug-talk] Top Level Domain SSL Certificates
csnyder
chsnyder at gmail.com
Fri Feb 29 11:53:37 EST 2008
On Fri, Feb 29, 2008 at 11:30 AM, Matt Juszczak <matt at atopia.net> wrote:
> Hopefully this isn't going too off topic:
>
> One of my customers is interested in getting an SSL cert for his entire
> domain name (i.e. *.bar.com instead of foo.bar.com).
>
> Other than being more expensive, and in my opinion not the best idea
> security-wise, what are other pros/cons? Does anyone have any experience?
> Do these work well?
>
> Thanks!
>
> -Matt

The key for that certificate is going to be extremely valuable, and
your client is going to need to put a copy of it on every server in
their domain that wants to use the certificate.

If this is just about being able to put multiple SSL virtual hosts on
a single IP address, I think it's much better to use a "unified
communications cert" that uses the X.509v3 Subject Alternative Name
extension to apply a single certificate to multiple domain names.

--
Chris Snyder
http://chxo.com/
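
Added example (not part of the original message): a comparison of which hosts a *.bar.com wildcard certificate and a certificate with explicit Subject Alternative Name entries are valid for, using the one-label wildcard rule from RFC 6125. The host inventory and the SAN list are constructed for illustration.

```python
# Added example: hostnames, SAN list and inventory are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Common client policy: ignore wildcards directly under a TLD ("*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(cert_names, hosts):
    """Hosts for which a certificate carrying cert_names would validate."""
    return sorted(h for h in hosts if any(name_matches(n, h) for n in cert_names))


WILDCARD_CERT = ["*.bar.com"]
SAN_CERT = ["foo.bar.com", "www.bar.com", "bar.com"]  # explicit SAN entries

INVENTORY = [
    "foo.bar.com", "www.bar.com", "bar.com",
    "mail.bar.com", "payroll.bar.com", "dev.foo.bar.com",
]


def report():
    wc = covered(WILDCARD_CERT, INVENTORY)
    san = covered(SAN_CERT, INVENTORY)
    return {
        "wildcard": wc,
        "san": san,
        # Names the wildcard key is valid for beyond the explicit SAN list:
        # the extra scope that depends on every copy of that one key.
        "extra_exposure": sorted(set(wc) - set(san)),
    }


if __name__ == "__main__":
    for label, names in report().items():
        print(f"{label:15} {names}")
```

The wildcard does not cover the bare domain or names two labels deep, while it does cover every other single-label host under bar.com, listed or not.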