06-06-2011, 10:47 AM #1 WHT Addict
Understanding SSL certificates - wildcard, 'CA certificate', root certs
If we've got multiple domains under a common domain needing SSL certificates, I understand that a wildcard certificate would do the trick.
If we've got multiple subdomains under several domains, then I'd need a certificate (or wildcard certificate, if each has subdomains) for each higher-level domain. But just like you can create a 'CA certificate' or a regular certificate using openssl, if I were to create a CA certificate signing request and buy a CA certificate, would I then be able to use that CA certificate to create certificates for all our domains and subdomains as much as we want?
Some questions about it:
1. If what I've described above is even possible, what's the disadvantage to going with the CA certificate option?
2. Is there any downside, apart from price, with going with a wildcard domain certificate and not two regular certificates - one for domain.com and one for sub.domain.com? (I think I remember reading somewhere wildcards weren't 'official' or something like that...dunno)
Also, what things should I look for when buying a certificate? For example, if I've understood the concept of a 'root' certificate correctly then you want to look for a certificate that has been signed by the top-level certificate authorities rather than signed by an authority that has been signed by a top-level authority.
But when I look at the list of certificate authorities installed by default in Firefox, they all look like top-level authorities. So basically, any certificate that works without warnings in Firefox would work as well as any other?
(I realize that some authorities do a better series of checks to ensure you're legit, but if a client gets no browser warnings for a certificate signed by a company that does rigorous checks vs one that doesn't, then for me I don't consider strength of background checks as being a criterion in my decision.)
-
06-06-2011, 02:31 PM #2 Aspiring Evangelist
You cannot merely buy a 'CA certificate'; the closest you could easily come (without jumping through $100k+ of hoops, security, procedure, ISO certification etc.) is to become a reseller.
The whole concept of having a central trusted authority and a clear chain of trust breaks down if they give out certificates to anybody.
A wildcard certificate will work for all direct subdomains of example.com, e.g. derp.example.com, and is perfectly valid. If you foresee yourself needing more than about 5 certificates (depending on price) then it's probably better and easier to go with a standard certificate.
Most CAs will let you choose a domain name and a single subdomain for standard certificates, e.g. example.com and secure.example.com, or example.com and www.example.com.
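The "direct subdomains" rule from the reply above, as an added example that is not part of the original post: a small matcher following the usual client-side behaviour (RFC 6125), where `*` stands for exactly one left-most label. The function names and the sample name lists are constructed for illustration, and the "at least three labels" check is a simplification of the public-suffix checks real clients apply.

```python
# Added example: which hostnames does a certificate's list of names cover?
# Rule applied: "*" may only be the entire left-most label and matches
# exactly one label, so it covers neither the bare domain nor deeper levels.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (possibly a wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False                      # "*" never spans more than one label
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest):
        return False                      # wildcard only allowed left-most
    if rest != h_labels[1:]:
        return False                      # parent domain must match exactly
    if first == "*":
        return len(p_labels) >= 3         # simplification: refuse "*.com"
    if "*" in first:
        return False                      # partial wildcards ("w*") not accepted
    return first == h_labels[0]


def covered(cert_names, hostname) -> bool:
    """True if any name on the certificate covers the hostname."""
    return any(name_matches(name, hostname) for name in cert_names)


def coverage_report(cert_names, hostnames) -> dict:
    """Map each hostname to whether the certificate would validate for it."""
    return {host: covered(cert_names, host) for host in hostnames}


# Constructed sample name lists (not taken from any real certificate).
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
STANDARD = ["example.com", "www.example.com"]
HOSTS = ["example.com", "www.example.com", "derp.example.com",
         "a.derp.example.com", "example.org"]

if __name__ == "__main__":
    for label, names in [("wildcard only", WILDCARD_ONLY),
                         ("wildcard + bare domain", WILDCARD_PLUS_APEX),
                         ("standard", STANDARD)]:
        print(label, coverage_report(names, HOSTS))
```

A wildcard name alone leaves the bare domain and any second-level subdomain uncovered, which is why the bare domain is usually listed as an additional name on the same certificate.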
-
06-08-2011, 07:38 AM #3 Newbie
You need a wildcard certificate when you want to use it on multiple subdomains. But if you will have only one domain and one subdomain, then two root certificates will also do the trick.
You do not need a wildcard unless you want to cut down on the cost by using the same cert on multiple subdomains.