Questions tagged [wildcard]

32 questions
20
votes
3 answers

How many hostnames can be supported by a wildcard ssl certificate? Is there any limit?

How many hostnames can be supported by a wildcard ssl certificate? Is there any limit?
Arun
19
votes
3 answers

Chrome SSL Warning: "You cannot proceed because the website operator has requested heightened security for this domain."

I'm trying to go to the URL below, and Chrome warns me that the wildcard certificate is not valid for this domain. https://chart.apis.google.com/chart?cht=qr&chs=100x100&chl=otpauth%3A%2F%2Ftotp%2FTest123%204%3Fsecret%3DTKQWCOOJ7KJ4ZIR At first I…
makerofthings7
16
votes
2 answers

Internal CA issues wildcard certificate

Few of our web servers are managed by an outsourced partner who works as us in the same office, uses our laptops connected to our corp network, and has user accounts in our AD. They requested and applied wildcard certificates to make some of the IIS…
Manu
14
votes
4 answers

Security concerns issuing wildcard certificates to individual employees

We recently set up a two tier internal certificate authority. We also disseminate Root CAs via Active Directory so certificates from our internal CA are automatically trusted by every (Windows) system in our network. Our devs need SSL certificates…
Brad
14
votes
3 answers

Why can't Let's Encrypt support wildcard certificates?

Let's Encrypt claims: We do not offer Organization Validation (OV), Extended Validation (EV), or wildcard certificates, primarily because we cannot automate issuance for those types of certificates. To be honest, I... don't believe them. Why…
user541686
8
votes
2 answers

Is lack of wildcard DNS entry a security vulnerability?

A friend of a friend received an email from a security researcher that looks legit. Researcher submitted several vulnerabilities, one of them reads like this Vulnerability # ... Title : Lack of wildcard DNS Entry! Description : The risk of…
oleksii
3
votes
1 answer

Wildcard DNS entry from a security PoV

We are going to release our new product which will have customers create their own subdomains. This requires having a wildcard DNS on our main domain (We have no other options, right?) Are there any disadvantages (from a security point of view) in…
Sreeraj
3
votes
3 answers

Single Domain SSL Certificate vs Wildcard Certificate

Probably a rather odd question, but something that came to mind. Wildcard certificates are about 10 times more expensive than a single certificate. However with a single certificate, you can secure sub-domains like secure.example.com etc... My…
Alien595
2
votes
1 answer

What web browsers support ECC vs DSA vs RSA for SSL/TLS?

We are updating our wildcard certificate and see that we have the option to use both RSA or DSA with Symantec (for free), while Digicert offers 3 options for wildcards ECC, DSA and RSA. Is there a compatibility matrix for which browsers support ECC?…
makerofthings7
2
votes
3 answers

Server Certificates, certificate authority, and servers

I currently have a valid wildcard certificate installed on OS X 10.8.2 server. To make sure we know what I'm talking about the cert is *.domain.com (example only) I'd love to use this to secure as much of everything as I can. Can I use this…
Everett
2
votes
1 answer

How do partial wildcards in subjectAltName dNSName interact with IDNA domains?

For instance if I run IDNA encode bücher.tld you receive xn--bcher-kva.tld. Now imagine the certificate for https://bücher.tld has the following field within subjectAltName: (dNSName, xn--bcher*.tld). Would this mean that the certificate would match…
2
votes
1 answer

Why no SSL certificate with multiple subdomains

I know that you can't use a SSL wildcard certificate for multiple subdomains. e.g. If I have a certificate for *.example.com I can use it for domains like test.example.com but not for test.test.example.com. Why is that? I don't see a security reason…
Lars
1
vote
2 answers

Is there a Standard Verification process for Certificate Authorities to follow?

So the premise of the question is to quantify the risk of wild card certificates versus regular certificates. From my research the greatest fundamental danger of wild card certificates is the possibility of compromising a weak system, getting the…
1
vote
1 answer

Wildcard Certificates and Client Authentication for Machine Authentication

If a wildcard certificate is provisioned for *.domain.fqdn, and has Client Authentication as a defined usage, does this mean the certificate can be used to essentially impersonate any domain machine? My understanding is that it is up to the…
SmithPlatts
1
vote
2 answers

HTTPS IP devices and certificate best practices, why can't I sign a certificate for my local ip device?

I have an IPv4 network behind a pfSense firewall at my small business. We have around 200 IP devices on the network. We have about 30 Axis IP cameras which have MJPG streams embedded into webpages as img tags. The webserver is internal and external…