GFI Forums: Kerio Connect » Wildcard certificate

Home » GFI User Forums » Kerio Connect » Wildcard certificate

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Wildcard certificate [message #148214]

Fri, 05 June 2020 10:22

pm24
Messages: 3
Registered: January 2018

I want to buy wildcard certificate for our all domain (eg. company.com ).
What is the best course of action?
Create CRC request in Kerio-connect or create request in SSL market
If I use a CRC request in Kerio-Connect, what form "hostname" should I use ? Should I use name with wildcard or without it?
Example:
my domain: company.com
mail server: mail.company.com
Certificate requests : hostname = "*.company.com" or "company.com"

Thx.
Peter

Report message to a moderator

Re: Wildcard certificate [message #148219 is a reply to message #148214]

Fri, 05 June 2020 18:16

j.a.duke
Messages: 239
Registered: October 2006

Quote:

I want to buy wildcard certificate for our all domain (eg. company.com ).
What is the best course of action?
Create CRC request in Kerio-connect or create request in SSL market
If I use a CRC request in Kerio-Connect, what form "hostname" should I use ? Should I use name with wildcard or without it?
Example:
my domain: company.com
mail server: mail.company.com
Certificate requests : hostname = "*.company.com" or "company.com"

Peter,

Why do you want to purchase a wildcard certificate rather than a "normal" single host? IIRC, wildcards are significantly more expensive than a single host. I think I was able to purchase several singles for the cost of a wildcard.

Most the the certificates I've purchased for single host also handle the "company.com" variant, or so they claim.

Besides, the certificate is to encrypt communication from your clients to your mail server, so the wildcard part isn't really necessary.

As for where to create the request, it really doesn't matter, at least that's been my experience.

Cheers,
Jon

Report message to a moderator

Re: Wildcard certificate [message #148220 is a reply to message #148219]

Fri, 05 June 2020 18:26

pm24
Messages: 3
Registered: January 2018

Wildcard - I need certificate for a few servers/devices and it is very likely that server names will change frequently. That's why I want to wildcard certificate.
So the question is: "*.company.com" OR "company.com"
Thx.
Peter

Report message to a moderator

Re: Wildcard certificate [message #148222 is a reply to message #148219]

Fri, 05 June 2020 23:54

Backspin
Messages: 129
Registered: June 2008
Location: Amsterdam, the Netherland...

Wildcard certificates are generally not recommended nowadays, because of the security risks involved.
Imagine using the same wildcard certificate on all of your servers. If only one of these is hacked and the certificate and private key are obtained, hackers will able be impersonate for every single one of you subdomains. All your servers will be at risk.
You could revoke the certificate, but then you would need to install a new certificate on all of your servers.
However, if you use a single certificate for each of your servers/subdomains, you would only need to revoke&replace the certificate on the compromised server/subdomain.

Backspin IT - http://www.backspin.nl

Report message to a moderator

Re: Wildcard certificate [message #148287 is a reply to message #148222]

Mon, 15 June 2020 20:11

hberm001
Messages: 20
Registered: August 2012
Location: United States

We use a wildcard cert. We used openssl on the command line to generate the csr and private key.

Report message to a moderator

Previous Topic:	Team Mailbox
Next Topic:	KEMT improvements

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Mar 21 20:19:25 CET 2023

Total time taken to generate the page: 0.01690 seconds