[159186] in North American Network Operators' Group
Re: SSL Certificates and ... Providers
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Thu Dec 27 20:42:50 2012
In-Reply-To: <CC75EEBF17C7374EA8309102B7B10C840109D3E657@SHSBS.shenrons-house.local>
Date: Thu, 27 Dec 2012 19:42:33 -0600
From: Jimmy Hess <mysidia@gmail.com>
To: Blake Pfankuch <blake@pfankuch.me>
Cc: "NANOG \(nanog@nanog.org\)" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/27/12, Blake Pfankuch <blake@pfankuch.me> wrote:
It does make no sense, and I would say it is an unusual restriction,
but a CA can put any certificate usage restriction they want in their
policy, and technically, they have likely included a right to audit
and issue out a revokation/CRL for any certificates not following
their usage policy: a common example would be a SSL cert used to
facilitate phishing. Make your X509 vendor take the language out of
the agreement against the use on multiple servers, or buy from one
of the many dozens of other certificate providers who issues
wildcards and has no such special restriction on certificate usage in
the certificate signing/usage policies. :)
> Ok, so this might be a little off topic but I am trying to validate
> something a vendor is telling me and hoping some people here have expertise
> in this area...
>
> I am working with a SSL certificate provider. I am trying to purchase a
> quantity of wildcard SSL certificates to cover about 60 FQDN's across 4
[snip]
--
-JH
