1

I'm working with the registry for .wiki, a new generic top level domain set for public availability in June 2014. We're going to be giving away hosted wikis to registrants of .wiki domains and I'd like to use only https across the board on these wikis.

Purchasing an SSL cert for each second-level domain is cost-prohibitive, and I see from "Can a wildcard SSL certificate be issued for a second level domain?" that web browsers reject *.tld certs.

We control the nameservers and webservers for all the .wikis we host and are prepared for legwork if need be (e.g., convincing browser manufacturers to support a *.wiki cert).

What mechanisms can you think of that would allow us to inexpensively offer https across a wide swath of the *.wiki space?

2 Answers

2

I don't think this is going to work. Some of the hostnames under .wiki will be under your control. But a wildcard cert for the TLD would allow you to masquerade as the authoritative server for any .wiki hostname, even ones that you don't provide hosting for.

Stephen Touset
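The rule the question and the answer above refer to, as an added sketch that is not part of the original posts: a validator honours a wildcard only as one whole left-most label and refuses it when the parent name is a public suffix such as a TLD. The suffix set and hostnames are constructed, and the function names are hypothetical.

```python
# Constructed, tiny stand-in for the Public Suffix List (assumption: real
# validators consult the full list or apply equivalent built-in rules).
PUBLIC_SUFFIXES = {"wiki", "com", "org", "co.uk"}

# Constructed hostnames: one the registry hosts, one it does not, one subdomain.
HOSTS = ["hosted-by-registry.wiki", "someone-elses-server.wiki",
         "www.hosted-by-registry.wiki"]


def wildcard_is_acceptable(pattern: str) -> bool:
    """True if a certificate name pattern is one a validator should honour."""
    labels = pattern.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return all(labels)  # plain hostname: just reject empty labels
    # Only a single, whole, left-most "*" label is allowed.
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return False
    parent = ".".join(labels[1:])
    # "*.wiki" would span every registrant in the TLD, so it is refused.
    return bool(parent) and parent not in PUBLIC_SUFFIXES


def cert_matches(pattern: str, hostname: str, enforce_suffix_rule: bool = True) -> bool:
    """Match hostname against pattern; a wildcard covers exactly one label."""
    if enforce_suffix_rule and not wildcard_is_acceptable(pattern):
        return False
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def coverage(pattern: str, hosts, enforce_suffix_rule: bool = True):
    """Hostnames from `hosts` that a certificate for `pattern` would be valid for."""
    return [h for h in hosts if cert_matches(pattern, h, enforce_suffix_rule)]


if __name__ == "__main__":
    # Without the suffix rule, *.wiki is valid for names the registry does not host.
    print(coverage("*.wiki", HOSTS, enforce_suffix_rule=False))
    # With the rule, the TLD-wide wildcard is valid for nothing.
    print(coverage("*.wiki", HOSTS))
    # A per-registrant wildcard stays confined to that registrant's subdomains.
    print(coverage("*.hosted-by-registry.wiki", HOSTS))
```
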
1

Your best bet is to approach a certificate authority to get a signing certificate with authority for that TLD. They should be able to issue you an intermediate certificate, but you will need to be ready to take on CA level security to do it. You could also try to get established as your own CA, but that would probably be more costly.

AJ Henderson
  • This is a good idea, thanks. I'm also considering the various reseller programs ... that at least would get the cost of the certs down as far as possible. Still too expensive for the free wikis though. – Brandon CS Sanders Feb 21 '14 at 04:53