Thursday, September 19, 2013

Wildcard Certificates - The Risks

Using a wildcard certificate may make sense if you are looking for easy management and multiple deployments. A wildcard certificate lets you secure all host names (subject alternative names, SANs) within a domain with one certificate, and can be a very cost-effective way to secure many different devices. If you have a single registered root domain, a wildcard certificate can secure all domains associated with that root.

The problem with wildcard certificates is that a single private key is shared by any number of devices, both inside and outside of your infrastructure. This increases the organization's exposure to fraud and data loss. Two important aspects of deploying wildcard certificates are proper control and monitoring of the certificates. Without this, malicious users can issue fake SANs and associate them with your domain.

Wildcard certificates can be installed on many different servers, which could expose the private key to others. The same private key is present and accessible on every one of those servers, increasing the risk of eavesdropping. If the private key is compromised, encrypted traffic can easily be decrypted by a malicious user, exposing data and confidential information. Impersonation of a SAN can also occur.

Wildcard certificates are dangerous if not controlled. If one server is compromised and the private key is discovered, every device on your network using that certificate must be considered compromised. Trying to keep track of each device and application using the certificate can be a nightmare, leading to expiration of the certificate and usability problems.

Your best option is to create a separate certificate for each device that needs SSL. This ensures that each device has a unique public/private key pair, so that if a private key is compromised, only that device is affected. Always store private keys very securely; if you run your own PKI, keep the server that stores these keys offline so that it cannot be compromised.
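As an added example, not part of the original post: a small inventory check in Python that groups hosts by private-key fingerprint to show how far one stolen wildcard key reaches, and applies the one-label wildcard matching rule TLS clients use (RFC 6125) to spot hosts a wildcard name does not actually cover. The hostnames and fingerprints are constructed sample data.

```python
"""Inventory check for wildcard certificates and shared private keys.

Added example, not from the original post. The inventory records and
fingerprints below are constructed sample data; a real inventory would be
built from the SPKI hashes of the certificates actually deployed.
"""
from collections import defaultdict

# Constructed inventory: (hostname, certificate subject name, SPKI fingerprint).
# Hosts that share a fingerprint share one private key.
INVENTORY = [
    ("www.example.com",      "*.example.com",   "spki:aaaa1111"),
    ("mail.example.com",     "*.example.com",   "spki:aaaa1111"),
    ("vpn.example.com",      "*.example.com",   "spki:aaaa1111"),
    ("api.example.com",      "api.example.com", "spki:bbbb2222"),
    ("deep.dev.example.com", "*.example.com",   "spki:aaaa1111"),
]

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname the way TLS clients do
    (RFC 6125): '*' is honoured only as the whole leftmost label and covers
    exactly one label, so '*.example.com' covers 'www.example.com' but not
    'deep.dev.example.com' or 'example.com' itself. Case-insensitive."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                   # ".example.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]    # the part the '*' must stand for
    return leftmost != "" and "." not in leftmost

def blast_radius(inventory):
    """Group hosts by private-key fingerprint: if one host's key is stolen,
    every host in its group is compromised (the post's core warning)."""
    groups = defaultdict(list)
    for host, _subject, fingerprint in inventory:
        groups[fingerprint].append(host)
    return {fp: hosts for fp, hosts in groups.items() if len(hosts) > 1}

def misdeployed(inventory):
    """Hosts whose certificate name does not actually cover them."""
    return [host for host, subject, _fp in inventory
            if not wildcard_matches(subject, host)]

if __name__ == "__main__":
    for fp, hosts in blast_radius(INVENTORY).items():
        print(f"key {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
    print("certificate does not cover host:", misdeployed(INVENTORY))
```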
