Educause Security Discussion mailing list archives
Re: WildCard Certificates
From: Dexter Caldwell <dexter.caldwell () FURMAN EDU>
Date: Fri, 22 Nov 2013 12:37:42 +0000
I've been doing the same thing. One reason is the complexity in some of the cert replacements. If you don't do them often enough, you can actually spend a lot of time figuring out the process for quirky applics. Plus you limit the risk. It's not hard fast rule for us though. I use a longer cert if there is a compelling reason to do so. In some cases, I do use 1 year certs as well. Wildcard certs may need a longer timeline if you use them a lot of places so that you have time to deal with all the renewals. D/C -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gramke, Jim Sent: Friday, November 22, 2013 7:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] WildCard Certificates As a quick followup. What is general practice for the age of certificates? I have an informal practice of renewing every 2 years, as a balance between convenience and attempting to change out the keys once in a while. I'd be interested if anybody has any strong feelings one way or another on this issue as well. ________________________________________ From: Gramke, Jim Sent: Friday, November 22, 2013 6:21 AM To: The EDUCAUSE Security Constituent Group Listserv Subject: WildCard Certificates I've got an administrator who is pushing me towards using a wildcard certificate for our domain. I don't like the idea because if one server compromises the private key, all the other servers' ssl is also potentially compromised. Does anybody have any evidence or opinion for or against you'd be willing or eager to share? Thanks, Jim
Current thread:
- WildCard Certificates Gramke, Jim (Nov 22)
- Re: WildCard Certificates Gramke, Jim (Nov 22)
- Re: WildCard Certificates Dexter Caldwell (Nov 22)
- Re: WildCard Certificates Dexter Caldwell (Nov 22)
- Re: WildCard Certificates Gramke, Jim (Nov 22)