The Risks In Wildcard Certificates
Larry Seltzer has written a short article on the risks of using wildcard certificates that focuses primarily on VeriSign's reasoning. If you aren't aware, a wildcard SSL certificate is a certificate that will secure all first-level subdomains of a single domain name. Wildcard certificates have many advantages as well as some disadvantages. Larry explains:
I have received many notes from vendors about them, both as press and as a prospective customer. Most CAs (certificate authorities) clearly see them as a way to grow markets. If you've got a lot of domains you can save a lot of money with a wildcard certificate relative to buying individual certificates for them, but not from all vendors. VeriSign, the 800 lb. gorilla in the CA room, prices wildcard certs by the domain being protected, so that they don't save much, if any money outright.
There is still a potential to save in convenience of administration with a wildcard certificate. But there are real downsides to wildcard certificates. When things go wrong the convenience may evaporate quickly. The VeriSign site lists their take on the disadvantages of wildcard certs:
- Security: If one server or sub-domain is compromised, all sub-domains may be compromised.
- Management: If the wildcard certificate needs to be revoked, all sub-domains will need a new certificate.
- Compatibility: Wildcard certificates may not work seamlessly with older server-client configurations.
- Protection: VeriSign Wildcard SSL Certificates are not protected by NetSure extended warranty.
The point on security is a valid concern. However, some certificate providers, like DigiCert, allow you to create as many new wildcard certificates (using the same domain name) as needed for all of your servers, each with a unique private key. This makes the wildcard certificate just as secure as a single domain name certificate but does make things a little more difficult to manage. Even without such a service, how often is a private key compromised anyway? Not that you should take security lightly, but if you secure your internal network in other ways, the chance that any SSL certificate would be compromised is next to none.
A similar point can be made about revoking certificates. How often do most companies revoke a certificate? The main reason to do so is if the private key is compromised, which we've already noted to be out of the ordinary.
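To make the security and management points concrete, here is an added example (not from the original post or the eWeek article) that works out which names a wildcard certificate covers and which servers need a new certificate when one key is revoked, for a single shared key versus a unique key per server. The hostnames, server names and key ids are constructed placeholders, and the matching rule is simplified to a whole-label `*` in the left-most position.

```python
# Added example. All hostnames, servers and key ids below are constructed.

def wildcard_matches(pattern, hostname):
    """True if hostname is covered by a certificate name like '*.example.com'.

    Simplified rule: '*' must be the entire left-most label and stands for
    exactly one DNS label, so only first-level subdomains match.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False          # different depth, or an empty label
    if p[0] == "*":
        # Refuse a wildcard directly under a top-level label ('*.com').
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def revocation_impact(deployments, compromised_key, cert_name, hostnames):
    """deployments maps server name -> id of the private key installed on it.

    Returns the names the compromised key's certificate is valid for and the
    servers that need a new certificate once that certificate is revoked.
    """
    covered = sorted(h for h in hostnames if wildcard_matches(cert_name, h))
    reissue = sorted(s for s, k in deployments.items() if k == compromised_key)
    return {"names_covered": covered, "servers_to_reissue": reissue}


HOSTNAMES = ["www.example.com", "mail.example.com", "shop.example.com",
             "example.com", "dev.mail.example.com"]

# One wildcard certificate and key copied to every server.
SHARED_KEY = {"web01": "key-A", "mail01": "key-A", "shop01": "key-A"}
# Same wildcard name, but a separately issued certificate and key per server.
UNIQUE_KEYS = {"web01": "key-A", "mail01": "key-B", "shop01": "key-C"}

if __name__ == "__main__":
    for label, dep in (("shared key", SHARED_KEY), ("unique keys", UNIQUE_KEYS)):
        print(label, revocation_impact(dep, "key-A", "*.example.com", HOSTNAMES))
```

In both layouts the certificate tied to `key-A` is valid for the same three first-level names; what changes with per-server keys is how many servers have to be re-keyed after a revocation.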
Compatibility can certainly be an issue, but there are very few major systems that don't support wildcard certificates. The only ones to note include Windows Mobile 5 devices and certain services in Exchange Server 2007. Finally, the last point about a warranty only applies to VeriSign and is irrelevant.
All in all, wildcard certificates offer a very powerful and safe solution for securing multiple subdomains. It is important to understand the risks you are taking, but in most situations they are minimal and allow you to save hundreds, if not thousands, of dollars. And every dollar counts these days.
The Risks In Wildcard Certificates - [eWeek]
Originally posted on Sun Oct 19, 2008