SSL – security reason not to use a wildcard cert other than manageability and exploitation if used on multiple servers


I have a security advisor that is telling me that we can't use wildcard SSL certs for security reasons. To be clear, I much prefer using single certs or multi-domain certs (SAN). However, we have a need for the server (Plesk) to serve 100s of subdomains.

Based on my research, the main reason people cite for not using a wildcard is the following, which appears to come from VeriSign:

  • Security: If one server or sub-domain is compromised, all sub-domains
    may be compromised.
  • Management: If the wildcard certificate needs to
    be revoked, all sub-domains will need a new certificate.
  • Compatibility: Wildcard certificates may not work seamlessly with
    older server-client configurations.
  • Protection: VeriSign Wildcard SSL Certificates are not protected
    by NetSure extended warranty.

Since the private key, cert, and subdomain will all exist on the same server… replacement would be as simple as replacing this one cert and affect the same number of users. Therefore, is there another reason not to use a wildcard cert?

Best Answer

The only other 'gotcha' that I'm aware of is that Extended Validation certificates cannot be issued with a wildcard, so it's not an option if you're going for an EV certificate.

In terms of the security, you've hit the nail on the head - a single private key protects all domains that are under the wildcard. So, for instance, if you had a multi-domain SAN cert that covered www.example.com and something.example.com and it got compromised, only those two domains are at risk of attack with the compromised key.

However, if that same system were instead running a *.example.com cert to handle SSL traffic for www and something subdomains and were compromised, then everything covered by that wildcard is potentially at risk, even services not hosted directly on that server - say, webmail.example.com.
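
Added example (not part of the original answer): a short Python sketch that computes which hosts in an inventory a stolen private key could be used to impersonate, comparing the SAN certificate and the wildcard certificate described above. The inventory, the function names and the simplified wildcard rule (no public suffix list lookup) are assumptions made for illustration.

```python
# Added example: blast radius of a compromised certificate key.
# All host names below are constructed sample data.

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname (RFC 6125 style).

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.example.com' covers 'www.example.com' but
    neither 'example.com' nor 'a.b.example.com'.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Simplification: reject '*.com' or a bare '*'. Real validators
        # consult the public suffix list instead of counting labels.
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards ('w*.example.com') are compared literally: no match.
    return p_labels == h_labels


def exposed_hosts(cert_sans, inventory):
    """Return inventory hosts that a key for this certificate can impersonate."""
    return sorted(h for h in inventory if any(san_matches(s, h) for s in cert_sans))


# Constructed inventory: every name the organisation serves over TLS.
INVENTORY = [
    "example.com",
    "www.example.com",
    "something.example.com",
    "webmail.example.com",   # hosted on a different server
    "api.dev.example.com",
]

SAN_CERT = ["www.example.com", "something.example.com"]
WILDCARD_CERT = ["*.example.com"]

if __name__ == "__main__":
    print("SAN cert key exposes:     ", exposed_hosts(SAN_CERT, INVENTORY))
    print("Wildcard cert key exposes:", exposed_hosts(WILDCARD_CERT, INVENTORY))
```

Running the same check against a real DNS zone export or asset inventory shows how many names, including ones served elsewhere, depend on the secrecy of a single wildcard key.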