Educause Security Discussion mailing list archives

Re: Wildcard certs; to use or not to use


From: Matthew Hodgett <m.hodgett () QUT EDU AU>
Date: Thu, 3 Jan 2013 11:44:19 +1000

We do not use wildcard SSL certificates. While much of our infrastructure is centralised, the services running on top 
of it are not necessarily. We do have a web-based system that service owners use to request certificates and that also sends 
out reminders of pending expiration. It is easier for us to let service owners manage their environment than it would 
be keeping track of a wildcard certificate and its associated private key. In a large environment with many hands 
involved I would not trust a wildcard certificate to continue to be used appropriately over a longer period of time.

Matthew

On 05/12/12 01:19, Mike Fox wrote:
Has anyone used wildcard certs for their university domain? What are the pros and cons? We are in the process of moving our 
public pages to a hosting site and I've been asked if wildcard certs can be used. I assessed using wildcard certs in 
the past (based on the way they wanted to use them) and deemed the risk was too great.

The environment they want to do this in now is with multiple domains on one IP address.

Any input would be appreciated.

*Mike Fox*
Georgia Southern University
Information Security Office
(912)478-1592

Jeremiah 29:11-16


--
Matthew Hodgett, MInfTech, CISSP
Senior IT Security Engineer | Queensland University of Technology
Phone: (07) 313 89454 | Fax: (07) 31382921

QUT Classifications, refer MOPP F/1.2.5
CRICOS No. 00213J

----DIGITAL SIGNATURE START----
A11I5BAD000769832858795AD56EC57E5C798A786E768DA87ED76F785EAFA7F577D
----END SIGNATURE----

