GFI Software

Wildcard certificate [message #148214] Fri, 05 June 2020 10:22
pm24
Messages: 3
Registered: January 2018
I want to buy a wildcard certificate for our whole domain (e.g. company.com).
What is the best course of action?
Create a CRC request in Kerio Connect or create the request in SSL market?
If I use a CRC request in Kerio Connect, what form of "hostname" should I use? Should I use the name with the wildcard or without it?
Example:
my domain: company.com
mail server: mail.company.com
Certificate requests : hostname = "*.company.com" or "company.com"

Thx.
Peter
Re: Wildcard certificate [message #148219 is a reply to message #148214] Fri, 05 June 2020 18:16
j.a.duke
Messages: 239
Registered: October 2006
Quote:
I want to buy a wildcard certificate for our whole domain (e.g. company.com).
What is the best course of action?
Create a CRC request in Kerio Connect or create the request in SSL market?
If I use a CRC request in Kerio Connect, what form of "hostname" should I use? Should I use the name with the wildcard or without it?
Example:
my domain: company.com
mail server: mail.company.com
Certificate requests : hostname = "*.company.com" or "company.com"
Peter,

Why do you want to purchase a wildcard certificate rather than a "normal" single host? IIRC, wildcards are significantly more expensive than a single host. I think I was able to purchase several singles for the cost of a wildcard.

Most of the certificates I've purchased for a single host also handle the "company.com" variant, or so they claim.

Besides, the certificate is to encrypt communication from your clients to your mail server, so the wildcard part isn't really necessary.

As for where to create the request, it really doesn't matter, at least that's been my experience.

Cheers,
Jon
Re: Wildcard certificate [message #148220 is a reply to message #148219] Fri, 05 June 2020 18:26
pm24
Messages: 3
Registered: January 2018
Wildcard - I need a certificate for a few servers/devices and it is very likely that server names will change frequently. That's why I want a wildcard certificate.
So the question is: "*.company.com" OR "company.com"
Thx.
Peter
Re: Wildcard certificate [message #148222 is a reply to message #148219] Fri, 05 June 2020 23:54
Backspin
Messages: 128
Registered: June 2008
Location: Amsterdam, the Netherland...
Wildcard certificates are generally not recommended nowadays, because of the security risks involved.
Imagine using the same wildcard certificate on all of your servers. If only one of these is hacked and the certificate and private key are obtained, hackers will be able to impersonate every single one of your subdomains. All your servers will be at risk.
You could revoke the certificate, but then you would need to install a new certificate on all of your servers.
However, if you use a single certificate for each of your servers/subdomains, you would only need to revoke & replace the certificate on the compromised server/subdomain.


Re: Wildcard certificate [message #148287 is a reply to message #148222] Mon, 15 June 2020 20:11
hberm001
Messages: 20
Registered: August 2012
Location: United States
We use a wildcard cert. We used openssl on the command line to generate the csr and private key.
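
Added example, not part of any post in this thread: generating the key and CSR with the openssl command line, as the last post describes. A wildcard name such as `*.company.com` covers exactly one label to the left of the domain and does not cover bare `company.com`, so the request below asks for both names. The file names are assumptions, `company.com` is the thread's placeholder, `-addext` needs OpenSSL 1.1.1 or later, and a CA may take the names from its order form rather than from the CSR.

```shell
#!/bin/sh
# Added example (not from the thread): wildcard key + CSR with the openssl CLI.

# make_wildcard_csr DOMAIN OUTDIR
# Writes OUTDIR/wildcard.key and OUTDIR/wildcard.csr (file names are assumptions).
make_wildcard_csr() {
    local domain="$1" outdir="$2"
    (
        umask 077   # the private key is created readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$outdir/wildcard.key" \
            -out "$outdir/wildcard.csr" \
            -subj "/CN=*.${domain}" \
            -addext "subjectAltName=DNS:*.${domain},DNS:${domain}"
    )
}

# csr_names CSR
# Prints the DNS names requested in the CSR, one per line, so the request
# can be checked before it is sent to the CA.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed -e 's/^ *DNS://' -e 's/ *$//'
}

# name_covers PATTERN HOST
# Succeeds if a certificate name covers HOST. A leading "*." stands for
# exactly one non-empty left-most label; anything else must match exactly.
# Names are compared as given (pass them in lower case).
name_covers() {
    local pattern="$1" host="$2"
    case "$pattern" in
        '*.'*) [ "${host#*.}" = "${pattern#\*.}" ] && [ -n "${host%%.*}" ] ;;
        *)     [ "$pattern" = "$host" ] ;;
    esac
}

# Usage:
#   make_wildcard_csr company.com /path/to/outdir
#   csr_names /path/to/outdir/wildcard.csr
#   name_covers '*.company.com' mail.company.com && echo covered
```

Every server that receives `wildcard.key` is a place the key can be stolen from, which is the risk Backspin's post describes, so the key file should be copied only to hosts that need it.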