| View previous topic :: View next topic |
| Author |
Message |
rrinc
-
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA
|
 Posted: Thu Nov 15, 2007 2:53 am Post subject: Can a certificate be a wildcard for any domain? |
 |
|
Can I set a certificate's domain to use just * or is that a bad idea?
I'm resetting up my website (since I switched to my P3 Server) and this is pretty much the last thing left. I'm also wondering if there's an incompatibility with using 1024 or 2048 bit keys.
_________________
-Blake | New Server :D
SaveTheInternet
Soy hispanohablante. Puedes contactarme por mensajes privados. |
|
| Back to top |
     |
 |
aprelium-beta
-
Joined: 24 Jun 2004
Posts: 383
|
| Posted: Thu Nov 15, 2007 6:29 pm Post subject: Re: Can a certificate be a wildcard for any domain? |
|
|
| rrinc wrote: | Can I set a certificate's domain to use just * or is that a bad idea?
I'm resetting up my website (since I switched to my P3 Server) and this is pretty much the last thing left |
You can generate a self-signed certificate which matches with any domain of the form xxx.yyy.zzz using:
*.*.*
To match with yyy.zzz form domain names: *.*
To match with domain names with a single component zzz: *
To have a certificate that matches with all these forms, have its common name set to:
This is a multiple value common name and will match with any of these domain names.
| Quote: | | . I'm also wondering if there's an incompatibility with using 1024 or 2048 bit keys. |
What kind of incompatibility are you referring to here? 2048 bit keys are just longer and more secure than 1024 bit keys. They also need more time to be generated and encrypting SSL connections with them needs more CPU ressources than with 1024 keys.
_________________
Beta Testing Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
rrinc
-
Joined: 24 Feb 2006
Posts: 725
Location: Arkansas, USA
|
| Posted: Sat Nov 17, 2007 3:20 am Post subject: |
|
|
By incompatibility I meant for web browsers supporting it. I'm guessing that they do support it though. But, say if you pumped out support for even larger keys, would browsers support them? (Not that I want to use say a 4096 bit key, I'm just curious). Right now I'm using a 1024 bit key, what would you recommend?
_________________
-Blake | New Server :D
SaveTheInternet
Soy hispanohablante. Puedes contactarme por mensajes privados. |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Sat Nov 17, 2007 1:33 pm Post subject: |
|
|
| rrinc wrote: | | By incompatibility I meant for web browsers supporting it. I'm guessing that they do support it though. But, say if you pumped out support for even larger keys, would browsers support them? (Not that I want to use say a 4096 bit key, I'm just curious). Right now I'm using a 1024 bit key, what would you recommend? |
Modern browsers will all support 2048 bit keys with no problems. 1024 bit keys are almost (no more) secure and theirs days are counted ( http://my.opera.com/yngve/blog/2007/06/15/51-2-bit-banks ). If we find a detailed list of the maximum key length that is supported by each browser version/type, we'll post it here.
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
|
|
|
@abyssws