On 30 Mar 2010, at 15:05, Adrian Barker wrote:
> We would be interested in wildcard certificates from Ukerna. Apart from Ezproxy, we have a number of web servers that host multiple applications or web sites for departments, and these often need https.
From a security point of view, even if JANET(UK) do start supporting wildcard certs through the certificate service, it'd still be recommended to have separate "real" certs in the kind of case when you're running several vhosts on the same machine.
Using wildcard certs for that kind of thing is not really good security practice... If your private key is compromised, all hosts are affected; if a cert needs to be revoked, all sites are affected, etc.
EZproxy is one of those few cases where a wildcard cert is "necessary". But that might be a big enough use case for the Janet SCS to enable wildcard certs.
R.
--
----------------------------------------------------------------------
Dr Rhys Smith e: [log in to unmask]
Engineering Consultant: Identity & Access Management (GPG:0xDE2F024C)
Information Services,
Cardiff University, t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff, f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom. m: +44 (0) 7968 087 821
----------------------------------------------------------------------