Educause Security Discussion mailing list archives

Re: Wildcard certs; to use or not to use


From: Brian Helman <bhelman () SALEMSTATE EDU>
Date: Tue, 4 Dec 2012 15:44:08 +0000

We have been using wildcard certs for a few years now. We do not use the same cert on all devices. Data Center
services (applications) use a couple certs; network devices (e.g. FW, VPN, etc.) use another. The cost of a wildcard
isn’t that much more than a single-server cert (we use DigiCert) and it is widely supported. They make cert management
much easier. I would keep a separation of classes of devices you use certs on, but if one is ever compromised, it can
always be revoked.

-Brian Helman

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Fox
Sent: Tuesday, December 04, 2012 10:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Wildcard certs; to use or not to use

Has anyone used wildcard certs for their university domain? What are the pros and cons? We are in the process of moving
our public pages to a hosting site and I've been asked if wildcard certs can be used. I assessed using wildcard certs
in the past (based on the way they wanted to use them) and deemed the risk was too great.

The environment they want to do this in now is with multiple domains on one IP address.

Any input would be appreciated.

Mike Fox
Georgia Southern University
Information Security Office
(912)478-1592

Jeremiah 29:11-16

