SSL Certificates and ... Providers

Jimmy Hess mysidia at gmail.com
Fri Dec 28 01:42:33 UTC 2012


On 12/27/12, Blake Pfankuch <blake at pfankuch.me> wrote:

It does make no sense, and I would say it is an unusual restriction,
but a CA can put any certificate usage restriction they want in their
policy,  and technically,   they have likely included a right to audit
and issue out a revokation/CRL for any certificates not following
their usage policy:  a common example would be a SSL cert used to
facilitate phishing.    Make your X509 vendor take the language out of
the agreement  against  the use on multiple servers,   or buy from one
of the many dozens of other certificate providers    who issues
wildcards and has no such special restriction on certificate usage in
the certificate signing/usage policies.   :)


> Ok, so this might be a little off topic but I am trying to validate
> something a vendor is telling me and hoping some people here have expertise
> in this area...
>
> I am working with a SSL certificate provider.  I am trying to purchase a
> quantity of wildcard SSL certificates to cover about 60 FQDN's across 4
[snip]

--
-JH



More information about the NANOG mailing list