Home page logo
/

basics logo Security Basics mailing list archives

wildcard SSL, is this a bad thing?
From: Derek Robson <robsonde () gmail com>
Date: Thu, 16 Apr 2009 13:39:03 +1200

do wildcard SSL cert's have a bigger security risk?

we are building 4 new servers for our internal intranet staff directory.
we will have a c-name for each server.

this way we can point any c-name at any server for DR and maintance outages.

the old system was to have an SSL cert for each server.
svr1.intranet.company.com
svr2.intranet.company.com
svr3.intranet.company.com
svr4.intranet.company.com

problem is that if we re-point a c-name we will get a SSL cert mis-match.

my plan is to make each server use a wildcard SSL cert of *.intranet.company.com
I know my solution will solve the problem but is it a security risk?
is this a bad thing?

what security risks am I opening up?

thanks

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Find the source of cybercrime! Almost every crime today involves a computer or mobile device. Learn how to become a 
Computer Forensics Examiner in InfoSec Institute's hands-on Computer Forensics Course. Up to three industry recognized 
certs available, online computer forensics training available.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]