Home page logo
/

basics logo Security Basics mailing list archives

Re: wildcard SSL, is this a bad thing?
From: Andre Pawlowski <sqall () h4des org>
Date: Fri, 24 Apr 2009 08:30:53 +0200

The only risk I can see is that this certificate can match to more than only your 4 servers. If someone can crack your network and set up a server with a domain foobar.intranet.company.com he can use this certificate (and no one will get a missmatch) for this server.

But despite this scenario I would do the same thing for your problem.
--
[] Andre Pawlowski

visit http://h4des.org






------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]