[ic] Re: Recommendation for CA to issue Certs. (now wildcard cert info)

Barry Treahy, Jr. interchange-users@interchange.redhat.com
Thu Feb 21 13:46:01 2002


Julia Jacobs wrote:

>On 2/21/02 11:22 AM, "Barry Treahy, Jr." <Treahy@mmaz.com> wrote:
>
>>Is there a difference here or are you equating subdomains to hosts
>>within a domain and is Thawte doing this same thing?
>>
>>Regards,
>>
>>Barry
>>
>
>Barry,
> 
>Here is some wildcard cert info from Thawte's website:
>
>  A wildcard certificate is a single certificate, with a wildcard character
>in the domain name field. This allows the certificate to secure multiple
>hosts within the same domain. For example, a certificate for ' *.domain.com
>', could be used for www.domain.com, www1.domain.com, www2.domain.com, in
>fact, any host in the domain.com domain. When a client checks the host name
>in this certificate it uses a shell expansion procedure to see if it
>matches.
>
>Please note: While Microsoft officially disapprove of wildcard certificates,
>they have included a patch in SP1 for Win2000 which introduces wildcard
>support (on the client side) and users who do not have this SP installed
>will receive errors when connecting to a site with a wildcard certificate.
>
>1. When should I request a WildCard Certificate?
>You should request a wildcard cert if you wish to secure a number of sub
>domains, such as 'secure.domain.com', 'www.domain.com', and
>'hellfire.domain.com' with a single certificate. You can do this with a
>wildcard certificate that looks like *.domain.com. Note, you should check
>your software documentation to make sure your server supports wildcard
>certificates. 
>
Exactly, this is as I understood it, so why are they calling this 
subdomains?  Wouldn't A.COM be the domain for A and B.A.COM have a 
subdomain B for domain A?

Would it not appear that Thawte is altering their definition of 
wildcards from supporting any hosts within a domain to defining 
subdomains?  What happens if you do not use subdomains?

Barry


>
>
>When creating your CSR (Certificate Signing Request), use a * in the domain
>name field, and submit it through Thawte's online enrolment through the URL
>provided to you by the sales executive. It should look something like,
>*.domain.com.
>
>NOTE: For IIS 5 requests please be sure to request the certificate without
>the * in the domain field. We will add this for you manually. When
>generating the CSR, please exclude the * .
>
>3. What Documentation Must be Submitted?
>The same documents required for SSL certificates will be sufficient to prove
>your eligibility for a WildCard Certificate.
>
>4. Browser and Server Compatibility
>Wildcard certs work with (almost) all servers. At this stage, 4D WebSTAR Server
>Suite/SSL supports wildcards. MS IIS 4 and lower do not properly support
>wildcard certificates.
>
>IIS 5 however, will support Thawte wildcard requests, but please be sure to
>request the certificate without the * in the domain field. We will add this
>for you manually.
>
>[Note: I edited out a lot of Thawte FAQ links and the like as I did not feel
>it appropriate to advertise Thawte's services here.  Believe me I am NOT in
>any way shape or form a Thawte reseller, affiliate or sales rep.  Just
>trying to pass some info about wildcard certs]
>

-- 

Barry Treahy, Jr  *  Midwest Microwave  *  Vice President & CIO 

E-mail: Treahy@mmaz.com * Phone: 480/314-1320 * FAX: 480/661-7028
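The question above (are wildcard certs about "hosts in a domain" or about "subdomains"?) comes down to how a client matches the `*` in the certificate's name field against the host name it connected to. The Thawte FAQ quoted in the thread says the client uses "a shell expansion procedure"; the example below is an added illustration, not code from the original post, from Thawte, or from Interchange, and it contrasts a literal shell-glob match (Python's `fnmatch`, where `*` also crosses dots) with the single-label rule that TLS clients actually apply (RFC 6125 style: `*` must be the whole leftmost label and stands for exactly one label). The host names `www.domain.com`, `b.a.domain.com` and so on are constructed sample inputs.

```python
import fnmatch


def shell_glob_matches(pattern: str, hostname: str) -> bool:
    """Literal 'shell expansion' matching, read the way the FAQ text suggests.

    fnmatch's '*' does not stop at dots, so '*.domain.com' would also accept
    'b.a.domain.com'. This is shown only to illustrate why that wording is
    looser than what real clients do.
    """
    return fnmatch.fnmatchcase(hostname.lower(), pattern.lower())


def strict_wildcard_matches(pattern: str, hostname: str) -> bool:
    """Single-label wildcard matching as TLS clients apply it (RFC 6125 style).

    Rules implemented here:
      * comparison is case-insensitive and ignores a trailing dot;
      * a name without '*' must match exactly;
      * '*' is allowed only as the entire leftmost label;
      * patterns with fewer than two labels after the '*' (e.g. '*.com')
        are refused as over-broad;
      * '*' matches exactly one label, so 'b.a.domain.com' and the bare
        'domain.com' do NOT match '*.domain.com'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")

    if "*" not in pattern:
        return pattern == hostname

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # The wildcard must be the whole first label and appear nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse '*' or '*.com': too broad to be a sensible certificate name.
    if len(p_labels) < 3:
        return False
    # One label for the '*', so the label counts must line up exactly.
    if len(h_labels) != len(p_labels):
        return False
    # Everything to the right of the wildcard must match label for label.
    return h_labels[1:] == p_labels[1:]


def compare(pattern: str, hostnames):
    """Return {hostname: (strict_result, shell_glob_result)} for each name."""
    return {
        h: (strict_wildcard_matches(pattern, h), shell_glob_matches(pattern, h))
        for h in hostnames
    }


if __name__ == "__main__":
    # Constructed sample host names for a '*.domain.com' certificate.
    sample = ["www.domain.com", "secure.domain.com", "b.a.domain.com",
              "domain.com", "WWW.DOMAIN.COM"]
    for host, (strict, glob) in compare("*.domain.com", sample).items():
        print(f"{host:20s} strict={strict!s:5s} shell-glob={glob}")
```

Run as-is, the table shows the practical answer to Barry's question: `*.domain.com` covers every direct host name in the domain (`www`, `secure`, `hellfire`), but a real client will not stretch it to a deeper name such as `b.a.domain.com`, and it does not cover the bare `domain.com` either; a shell glob would wrongly accept the deeper name. A site that uses genuine sub-subdomains therefore needs a separate certificate (or a separate `*.a.domain.com` wildcard) for that level.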