Can a certificate be a wildcard for any domain?

 
rrinc

Posted: Thu Nov 15, 2007 2:53 am    Post subject: Can a certificate be a wildcard for any domain?

Can I set a certificate's domain to use just * or is that a bad idea?

I'm resetting up my website (since I switched to my P3 Server) and this is pretty much the last thing left. I'm also wondering if there's an incompatibility with using 1024 or 2048 bit keys.
_________________
-Blake | New Server :D
SaveTheInternet
I am a Spanish speaker. You can contact me by private message.
aprelium-beta

Posted: Thu Nov 15, 2007 6:29 pm    Post subject: Re: Can a certificate be a wildcard for any domain?

rrinc wrote:
Can I set a certificate's domain to use just * or is that a bad idea?

I'm resetting up my website (since I switched to my P3 Server) and this is pretty much the last thing left


You can generate a self-signed certificate which matches with any domain of the form xxx.yyy.zzz using:

*.*.*

To match with yyy.zzz form domain names: *.*
To match with domain names with a single component zzz: *

To have a certificate that matches with all these forms, have its common name set to:

Code:
* *.* *.*.*


This is a multiple value common name and will match with any of these domain names.

Quote:
I'm also wondering if there's an incompatibility with using 1024 or 2048 bit keys.


What kind of incompatibility are you referring to here? 2048 bit keys are just longer and more secure than 1024 bit keys. They also need more time to be generated and encrypting SSL connections with them needs more CPU resources than with 1024 keys.
_________________
Beta Testing Team
Aprelium - http://www.aprelium.com
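Added example, not part of the original posts and not Aprelium's code: the per-label matching the reply above describes for `*`, `*.*` and `*.*.*`, next to a stricter RFC 6125-style rule of the kind current browsers apply, where the wildcard must be the entire left-most label. Function names and hostnames are constructed, the space-separated multi-value form is taken from the reply, and the strict check is a simplification that does not consult the Public Suffix List.

```python
# Added example: constructed patterns and hostnames, not Abyss Web Server code.

def _labels(name: str) -> list:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def labelwise_match(pattern: str, host: str) -> bool:
    """Permissive rule as the reply describes it: each '*' stands for one label."""
    p, h = _labels(pattern), _labels(host)
    return len(p) == len(h) and all(a == "*" or a == b for a, b in zip(p, h))

def multi_cn_match(common_name: str, host: str) -> bool:
    """Space-separated multi-value common name, e.g. '* *.* *.*.*'."""
    return any(labelwise_match(p, host) for p in common_name.split())

def strict_match(pattern: str, host: str) -> bool:
    """RFC 6125-style rule (simplified): '*' only as the whole left-most
    label, covering exactly one label, with at least two literal labels
    after it. Real clients also reject wildcards over public suffixes."""
    p, h = _labels(pattern), _labels(host)
    if "*" not in pattern:
        return p == h                      # exact name, no wildcard
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False                       # wildcard misplaced or repeated
    if len(p) < 3:
        return False                       # '*' and '*.tld' are too broad
    return len(p) == len(h) and p[1:] == h[1:]

def compare(common_name: str, hosts: list) -> list:
    """Per host: (host, accepted by permissive rule, accepted by strict rule)."""
    patterns = common_name.split()
    return [(h, multi_cn_match(common_name, h),
             any(strict_match(p, h) for p in patterns)) for h in hosts]

if __name__ == "__main__":
    sample_hosts = ["localhost", "example.com", "www.example.com", "a.b.c.d"]
    for row in compare("* *.* *.*.*", sample_hosts):
        print(row)
    print(compare("*.example.com", ["www.example.com", "example.com"]))
```

A client using the strict rule accepts none of the three catch-all patterns, so a certificate built this way only validates where the permissive matching is in use.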
rrinc

Posted: Sat Nov 17, 2007 3:20 am

By incompatibility I meant for web browsers supporting it. I'm guessing that they do support it though. But, say if you pumped out support for even larger keys, would browsers support them? (Not that I want to use say a 4096 bit key, I'm just curious). Right now I'm using a 1024 bit key, what would you recommend?
_________________
-Blake | New Server :D
SaveTheInternet
I am a Spanish speaker. You can contact me by private message.
aprelium

Posted: Sat Nov 17, 2007 1:33 pm

rrinc wrote:
By incompatibility I meant for web browsers supporting it. I'm guessing that they do support it though. But, say if you pumped out support for even larger keys, would browsers support them? (Not that I want to use say a 4096 bit key, I'm just curious). Right now I'm using a 1024 bit key, what would you recommend?


Modern browsers will all support 2048 bit keys with no problems. 1024 bit keys are almost (no more) secure and their days are counted ( http://my.opera.com/yngve/blog/2007/06/15/51-2-bit-banks ). If we find a detailed list of the maximum key length that is supported by each browser version/type, we'll post it here.
_________________
Support Team
Aprelium - http://www.aprelium.com