
SSL Wildcard Certificate

I'm looking for a wildcard certificate for a company *.domain.com. I don't need extended validation. Entry level questions:

  • Should I buy level 2 or level 3 certificate? What's the main difference?

  • Can I install (use) the same certificate/key pair in different machines (different IPs)? Some CAs ask for dedicated IP as a requirement, but I'd like to use SNI for multiple virtual hosts.

  • In general, is it a good idea to rely on SNI support?

Should I buy level 2 or level 3 certificate? What's the main difference?

The difference is the number of intermediate CAs, which should not matter. Different CAs might have additional differences between the certificates, like lifetime etc., but this depends on the CA.

Can I install (use) the same certificate/key pair in different machines (different IPs)? Some CAs ask for dedicated IP as a requirement, but I'd like to use SNI for multiple virtual hosts

There is no restriction on using the same certificate for different IPs, different ports, multiple machines etc., as long as the host name in all cases matches the certificate. Of course each of the machines needs access to the private key, so you increase your attack surface with more machines.

In general, is it a good idea to rely on SNI support?

It depends on what kind of systems you need to support. If you expect only newer browsers as clients, SNI is OK. But SNI is not supported by IE8 (Windows XP), some Android applications (because of an old version of the Apache HTTP library), older versions of Java, and older versions of scripting languages like Python, Perl etc., which often get used to automate tasks.

If you want to use the certificates not only for web but also for mail the situation might be even worse.
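What "the host name matches the certificate" means for a wildcard name, shown as an added example that is not part of the original answer. The function names are hypothetical, the host list is constructed, and the matcher applies the conservative rule modern TLS clients use: the wildcard must be the entire leftmost label and covers exactly one label.

```python
import ipaddress


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (possibly a wildcard) against a hostname."""
    try:
        ipaddress.ip_address(hostname)
        return False  # an IP address never matches a DNS name entry
    except ValueError:
        pass
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if "*" not in pattern:
        return p == h
    # Accept only "*" as the whole leftmost label, with at least two fixed
    # labels after it (rejects "*.com", "w*.domain.com", "a.*.com").
    if p[0] != "*" or "*" in "".join(p[1:]) or len(p) < 3:
        return False
    return p[1:] == h[1:]


def coverage(cert_names, hostnames):
    """Report which planned hostnames a certificate's DNS names cover."""
    return {h: any(wildcard_matches(n, h) for n in cert_names) for h in hostnames}


if __name__ == "__main__":
    # Constructed virtual-host list for the *.domain.com case in the question.
    hosts = ["www.domain.com", "MAIL.domain.com", "domain.com",
             "api.eu.domain.com", "192.0.2.10"]
    for host, ok in coverage(["*.domain.com"], hosts).items():
        print(f"{host:20} {'covered' if ok else 'NOT covered'}")
```

The bare domain and any two-level subdomain fall outside `*.domain.com`, so they need their own entries in the certificate.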
