13

As you might know, Let's Encrypt doesn't offer wildcard certificates and it won't in the short term, because you can just order as many certificates as you want for the sub-domains.

This makes me wonder... assuming money is not a problem so that I can request all the certificates I want (I know about the rate limits though), is there any advantage of using a wildcard certificate over requesting a certificate per subdomain?

The Illusive Man
  • 10,487
  • 16
  • 56
  • 88

2 Answers

15

For websites which dynamically generate subdomains (for example, if users can create their own subdomain for some service), installing a certificate for each new subdomain is far from ideal, because you need to verify ownership of the domain for each subdomain, followed by installing the certificate for each subdomain (which typically also requires a restart of the web server).

In addition to activating new subdomains, managing many certificates (each with its own expiration date) quickly becomes a major hassle. All in all, this adds complexity without adding any security.

So, in summary, the advantage of a wildcard certificate is in the lower administrative burden.

Jacco
  • 7,402
  • 4
  • 32
  • 53
  • 4
    Assuming you're using a different private key for each, I'd have thought using a per domain certificate DOES give you greater security. If you have a wildcard certificate used across multiple servers, and one of those servers has a weakness - the private key could be compromised and then used against a wider number of targets. The DROWN attack could be an example of this. – Mark Kelly Apr 20 '16 at 09:22
  • 1
    Additionally, browsers not supporting [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) show certificate errors when using multiple certificates at the same IP address, but work with multiple subdomains in one wildcard certificate. But browsers without SNI support are obsolete and also don't support secure encryption. – Josef Jul 13 '16 at 07:29
  • 2
    Are you sure about advising people to have a separate certificate on each server? While it is more secure, certificates are (usually) not free, and there are overheads. Almost all clusters I've audited share the certificate - and this includes online banking platforms. – paj28 Aug 02 '16 at 08:18
  • 1
    If you pick the right Certificate Authority, you are audited for a domain and can create as many certificates as you like, for the domain(s) you have been audited for. – Jacco Aug 02 '16 at 10:04
  • 1
    @Jacco - I've thought about this some more and I definitely disagree with your advice. An attacker only needs to steal one cert to impersonate your website, so using separate ones does not reduce impact. Now, you might say "I can revoke that and use the others". Sure - but they could have been compromised as well. What you really want is a backup cert in secure offline storage. This is recommended practice for HPKP already. – paj28 Aug 02 '16 at 10:32
8

An additional point to consider is that all certificates issued by Let's Encrypt (and by other issuers) can be viewed in Certificate Transparency logs, so if you issue certificates without using wildcards, all your subdomains can be easily enumerated by anyone.

It isn't always a problem, but in some cases it can make an attacker's life easier. For example, it can help him discover some hidden services, like a repository, a build server, etc.

crt.sh is an example of a site that provides these logs.

WGH
  • 180
  • 1
  • 4
  • Good point! It doesn't seem to mention LetsEncrypt under the "*CT Logs currently monitored*" section on [this page](https://crt.sh/?a=1) though. I also entered a domain name I recently got a LetsEncrypt certificate for into the search and it didn't find it. – mehov Nov 14 '16 at 09:35
  • Okay, found it: [crt.sh/?Identity=%&iCAID=7395](https://crt.sh/?Identity=%25&iCAID=7395) (source: https://simonecarletti.com/blog/2016/02/things-about-letsencrypt/#certificate-transparency) – mehov Nov 14 '16 at 10:46
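The defender's side of this answer, as an added example that is not part of the post: take the JSON that crt.sh returns for a domain query, list every hostname it exposes, and compare against an inventory of names that are meant to be public and CAs that are allowed to issue for the domain. The field names (`issuer_name`, `name_value`, `not_after`) are crt.sh's own; the records, the inventory and the approved-CA list are constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample in the JSON shape crt.sh returns for a query such as
# https://crt.sh/?q=%25.example.com&output=json (field names are crt.sh's;
# the records themselves are made up). name_value holds all SAN entries
# of one certificate, newline-separated.
SAMPLE_CT_JSON = """[
 {"issuer_ca_id": 7395, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
  "name_value": "example.com\\nwww.example.com", "not_after": "2017-01-30T00:00:00"},
 {"issuer_ca_id": 7395, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
  "name_value": "git.example.com", "not_after": "2017-02-10T00:00:00"},
 {"issuer_ca_id": 7395, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
  "name_value": "jenkins.example.com", "not_after": "2017-02-10T00:00:00"},
 {"issuer_ca_id": 9999, "issuer_name": "C=XX, O=Some Other CA, CN=Some Other CA Issuing",
  "name_value": "www.example.com", "not_after": "2017-03-01T00:00:00"}
]"""

# Hypothetical operator inventory: hostnames meant to be public, and the
# CA organisations that are allowed to issue for this domain.
KNOWN_NAMES = {"example.com", "www.example.com"}
APPROVED_ISSUER_ORGS = {"Let's Encrypt"}


def names_by_issuer(raw_json):
    """Map each DNS name found in the CT records to the issuer names that certified it."""
    seen = defaultdict(set)
    for rec in json.loads(raw_json):
        for name in rec["name_value"].split("\n"):
            name = name.strip().lower()
            if name:
                seen[name].add(rec["issuer_name"])
    return seen


def issuer_org(issuer_name):
    """Pull the O= component out of an issuer distinguished-name string."""
    for part in issuer_name.split(", "):
        if part.startswith("O="):
            return part[2:]
    return issuer_name


def audit_ct(raw_json, known_names, approved_orgs):
    """Return (hostnames exposed beyond the inventory, (name, issuer) pairs from
    non-approved CAs). Wildcard entries are skipped: they name no specific host."""
    seen = names_by_issuer(raw_json)
    leaked = sorted(n for n in seen if n not in known_names and not n.startswith("*."))
    rogue = sorted((n, iss) for n, issuers in seen.items()
                   for iss in issuers if issuer_org(iss) not in approved_orgs)
    return leaked, rogue


if __name__ == "__main__":
    leaked, rogue = audit_ct(SAMPLE_CT_JSON, KNOWN_NAMES, APPROVED_ISSUER_ORGS)
    print("hostnames visible in CT but not in inventory:", leaked)
    print("certificates from non-approved CAs:", rogue)
```

Run against a live crt.sh export, the first list is exactly what the answer warns about (internal hostnames made public by per-subdomain issuance), while the second list catches certificates nobody in your organisation requested.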