[ic] Re: Recommendation for CA to issue Certs. (now wildcard cert info)

Julia Jacobs interchange-users@interchange.redhat.com
Thu Feb 21 13:30:01 2002


On 2/21/02 11:22 AM, "Barry Treahy, Jr." <Treahy@mmaz.com> wrote:

> Is there a difference here or are you equating subdomains to hosts
> within a domain and is Thawte doing this same thing?
> 
> Regards,
> 
> Barry

Barry,
 
Here is some wildcard cert info from Thawte's website:

  A wildcard certificate is a single certificate, with a wildcard character
in the domain name field. This allows the certificate to secure multiple
hosts within the same domain. For example, a certificate for '*.domain.com',
could be used for www.domain.com, www1.domain.com, www2.domain.com, in
fact, any host in the domain.com domain. When a client checks the host name
in this certificate it uses a shell expansion procedure to see if it
matches.

Please note: While Microsoft officially disapprove of wildcard certificates,
they have included a patch in SP1 for Win2000 which introduces wildcard
support (on the client side) and users who do not have this SP installed
will receive errors when connecting to a site with a wildcard certificate.

1. When should I request a WildCard Certificate?
You should request a wildcard cert if you wish to secure a number of sub
domains, such as 'secure.domain.com', 'www.domain.com', and
'hellfire.domain.com' with a single certificate. You can do this with a
wildcard certificate that looks like *.domain.com. Note, you should check
your software documentation to make sure your server supports wildcard
certificates. 

When creating your CSR (Certificate Signing Request), use a * in the domain
name field, and submit it through Thawte's online enrolment through the URL
provided to you by the sales executive. It should look something like,
*.domain.com.

NOTE: For IIS 5 requests please be sure to request the certificate without
the * in the domain field. We will add this for you manually. When
generating the CSR, please exclude the *.

3. What Documentation Must be Submitted?
The same documents required for SSL certificates will be sufficient to prove
your eligibility for a WildCard Certificate.

4. Browser and Server Compatibility
Wildcard certs work with (almost) all servers. At this stage, 4D WebSTAR
Server Suite/SSL supports wildcards. MS IIS 4 and lower do not properly
support wildcard certificates.

IIS 5 however, will support Thawte wildcard requests, but please be sure to
request the certificate without the * in the domain field. We will add this
for you manually.

[Note: I edited out a lot of Thawte FAQ links and the like as I did not feel
it appropriate to advertise Thawte's services here.  Believe me, I am NOT in
any way, shape or form a Thawte reseller, affiliate or sales rep.  Just
trying to pass some info about wildcard certs]
-- 
Julia Jacobs
Currant Media
407-977-4523
Fax 407-261-0176
http://www.currantmedia.com
Members of The Better Business Bureau
* Multimedia Producers
* Web Design & Development
* 2D/3D Graphics/Animation
* Hosting, domain and e-mail
* E-Commerce - check, credit card validation
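
Added example, not part of the original message or of Thawte's text: the quoted FAQ describes host name checking as a "shell expansion procedure", and this sketch compares that kind of glob match with the stricter single-label rule described in RFC 6125, where `*` stands for exactly one left-most label. The function names and the sample host names are constructed for illustration, and rejecting partial-label wildcards and names such as `*.com` is a conservative choice made for this example.

```python
from fnmatch import fnmatchcase

CERT_NAME = "*.domain.com"  # wildcard name used in the message above


def glob_match(pattern, host):
    """Shell-expansion style: '*' matches any run of characters, dots included.

    Note: fnmatch also treats '?' and '[...]' as special; valid host names
    never contain them, so that is ignored here (assumption of this example).
    """
    return fnmatchcase(host.lower(), pattern.lower())


def label_match(pattern, host):
    """Stricter rule: '*' must be the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # different depth, or an empty label in the host name
    if p[0] == "*":
        # Require at least two literal labels after the wildcard, so that
        # '*.com' never matches, and no further '*' anywhere else.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # No wildcard (or an unsupported partial one such as 'w*'): exact match only.
    return "*" not in pattern and p == h


# Constructed sample host names, not taken from any real deployment.
SAMPLE_HOSTS = [
    "www.domain.com",              # one label under the domain
    "a.b.domain.com",              # two labels under the domain
    "domain.com",                  # the bare domain itself
    "www.domain.com.example.net",  # look-alike under another domain
]


def compare(pattern=CERT_NAME, hosts=SAMPLE_HOSTS):
    """Return (host, glob result, single-label result) for each host."""
    return [(h, glob_match(pattern, h), label_match(pattern, h)) for h in hosts]


if __name__ == "__main__":
    for host, g, l in compare():
        print(f"{host:28} glob={g!s:5} single-label={l}")
```

The two rules disagree only on `a.b.domain.com`, so a wildcard certificate should not be assumed to cover hosts more than one level below the domain, and neither rule covers the bare `domain.com`.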