[nycbug-talk] Top Level Domain SSL Certificates

csnyder chsnyder at gmail.com
Fri Feb 29 11:53:37 EST 2008


On Fri, Feb 29, 2008 at 11:30 AM, Matt Juszczak <matt at atopia.net> wrote:
> Hopefully this isn't going too off topic:
>
>  One of my customers is interested in getting an SSL cert for his entire
>  domain name (IE: *.bar.com instead of foo.bar.com).
>
>  Other than being more expensive, and in my opinion not the best idea
>  security wise, what are other pros/cons?  Does anyone have any experience?
>  Do these work well?
>
>  Thanks!
>
>  -Matt

The key for that certificate is going to be extremely valuable, and
your client is going to need to put a copy of it on every server in
their domain that wants to use the certificate.

If this is just about being able to put multiple SSL virtual hosts on
a single ip address, I think it's much better to use a "unified
communications cert" that uses the X.509v3 Subject Alternative Name
extension to apply a single certificate to multiple domain names.

-- 
Chris Snyder
http://chxo.com/



More information about the talk mailing list