Home page logo

basics logo Security Basics mailing list archives

Re: wildcard SSL, is this a bad thing?
From: Andre Pawlowski <sqall () h4des org>
Date: Fri, 24 Apr 2009 08:30:53 +0200

The only risk I can see is that this certificate can match to more than only your 4 servers. If someone can crack your network and set up a server with a domain foobar.intranet.company.com he can use this certificate (and no one will get a missmatch) for this server.

But despite this scenario I would do the same thing for your problem.
[] Andre Pawlowski

visit http://h4des.org

This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]