Sorry to say this but this page is somewhat out of date. I have no
difficulty with IE and wildcard certificates. Some versions issue a warning
about it being a wildcard, and some don't. However, from IE3.02 onwards they
work fine. For security reasons if nothing else you shouldn't use anything
before IE3.02 (notwithstanding that AFAIK Thawte certificates no longer work
with anything less than IE 3.0 anyway).

It is extremely unlikely that Microsoft would deliberately stop supporting
or allowing wildcard certificates, simply because Thawte has a large market
share. Whether a forthcoming "fix" would remove support accidentally is
anyone's guess.

Look at it this way, if you have more than 5 SSL sites, you would be best
advised to use a wildcard. Unless of course you have money to burn and love
to spend ages sorting out individual certificates and keys.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 19 May 2000 00:38
To: [EMAIL PROTECTED]; Mike King
Subject: Re: VeriSign keys.
Addressed to: [EMAIL PROTECTED]
Mike King <[EMAIL PROTECTED]>
** Reply to note from Mike King <[EMAIL PROTECTED]> Fri, 19 May
2000 05:58:59 -0700
>
>
> >Wildcard certificates allow you to authenticate many web servers within
> >your domain, and pay for only one certificate. You pay much more for a
> >wildcard certificate, but if you have more than 5 hosts in your domain
> >that need SSL it is cost effective. (At least when I checked Thawte's
> >prices a few months ago.)
>
> Rick,
>
> I see reference to wild card certificates, but cannot see any
> reference to it on the Thawte web site - is it the Enterprise PKI ?
>
> Any pointers would be appreciated
>
I did some looking around on the Thawte site, and was getting worried
that maybe I was dreaming about wildcard certificates. After a few
minutes I found them in the price list, but nowhere else.
http://www.thawte.com/pricing.html
---------------------------------------------------
A certificate that can be used on multiple hosts. Such a certificate
has a CommonName like *.domain.com. When Navigator checks the host
name in this certificate it uses a shell expansion procedure to see if
it matches. In the example given, any host ending in .domain.com will
be acceptable.
---------------------------------------------------
I also found the killer that stopped me from considering them:
---------------------------------------------------
Please note, however, that MSIE does not implement wildcard certificate
name checking, so we cannot guarantee that wildcarding will work with
any Microsoft product for any period of time.
---------------------------------------------------
That kind of makes them not useful on the Internet.
Rick Widmer
http://www.developersdesk.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]