[nycbug-talk] Top Level Domain SSL Certificates

Brian A. Seklecki lavalamp at spiritual-machines.org
Fri Feb 29 11:55:02 EST 2008

On Fri, 29 Feb 2008, Matt Juszczak wrote:

> Hopefully this isn't going too off topic:
> One of my customers is interested in getting an SSL cert for his entire
> domain name (IE: *.bar.com instead of foo.bar.com).

Yea I've played this game.  Its stacked pretty well.

IE6 only honors one subdomain in wildcard certificates.

FF2.x honors a true wildcard.

EV certs only support one CN= and one subjAltName= value, if you're lucky. 
No wildcards available.  Grab your socks and pull. ~BAS

> Other than being more expensive, and in my opinion not the best idea
> security wise, what are other pros/cons?  Does anyone have any experience?
> Do these work well?

More information about the talk mailing list