Educause Security Discussion
mailing list archives
Re: Wildcard certs; to use or not to use
From: Brian Helman <bhelman () SALEMSTATE EDU>
Date: Tue, 4 Dec 2012 15:44:08 +0000
We have been using wildcard certs for a few years now. We do not use the same cert on all devices. Data Center
services (applications) use a couple certs; network devices (e.g. FW, VPN, etc) use another. The cost of a wildcard
isn’t that much more than a single-server cert (we use digicert) and it is widely supported. They make cert-management
much easier. I would keep a separation of classes of devices you use certs on, but if one is ever compromised, it can
always be revoked.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Fox
Sent: Tuesday, December 04, 2012 10:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Wildcard certs; to use or not to use
Has anyone used wildcard certs for their university domain? What are the pros and cons? We are in the process of moving
our public pages to a hosting site and I've been asked if wildcard certs can be used. I assessed using wild card certs
in the past (based on the way they wanted to use them) and deemed the risk was to great.
The environment they want to do this in now is with multiple domains on one IP address.
Any input would be appreciated.
Georgia Southern University
Information Security Office
Re: Wildcard certs; to use or not to use Mike Wiseman (Dec 04)