Wildcard SSL Certificates

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hey guys,

I have a question.  I'm thinking about purchasing a wildcard SSL certificate
for my domain.  I've been told that the wildcard SSL certificate can be a
security risk, but I've never heard an explanation as to why this is so.
I've done searches on Google and I have yet to hear a real reason as to why
these might not be safe.

Are these truly not safe?  What situations should I be aware of before I
decide to implement this?


Re: Wildcard SSL Certificates

Quoted text here. Click to load it

basically any processor that can obtain the corresponding private key
.... and can represent itself as some/any host in the specified domain
.... clients will then consider as valid hosts for the associated

some sites have used wildcard certificates where they have multiple
different hosts providing similar service (for scallability and/or
availability) ... where each host may have unique host name (within
the domain).

indirectly some might consider it a security issue because it implies
replication of the private key.

in the early days of processing load-balancing there was

1) use of dns multiple a-records .... where the same hostname was
mapped to a list of ip-addresses. the browser could run thru the list
of different ip-addresses until it found a host that responded.  this
would require it host have its own copy of the corresponding private
key ... but wildcard certificates wouldn't be required since all the
different hosts (with different ip address) would all be responding to
the same hostname.

2) use of front-end redirection in server boundary router (interfacing
to a pool of servers). the client would map a single hostname to a
specific ip address ... the initial connect packet would pass thru the
boundary router ... which had some special code to redirect the
connect request to a pool of servers. agaiu, a non-wildcard
certificate wouldn't be needed ... but each server in the pool would
require their own copy of the private key.

the fundamental ssl domain name server certificate

has the browser checking that the server (the browser is talking to)
is able to demonstrate possesion of the private key that goes with the
public key in the certificate ... and that the hostname specified to
the browser (in the url) corresponds to the hostname in the ssl
certificate (supplied by the server). for wildcard certificates
.... the browser just checks for match on the non-wildcard portion
against the corresponding portion in the supplied URL.

now, an attacker that could convince a certification authority to
issue a wildcard certificate against a base tld qualifier, like ".com"
.... then could impersonate anybody in .com. This isn't a vulnerability
of having correctly issued you a wildcard certificate ... this is a
vulnerability of a certification authority incorrectly issuing a
wildcard certificate to an attacker.

say somebody else in your company is issued a wildcard certificate for
their server ... and it happens to have very low security requirement
and poor intrusion countermeasures ... and could be relatively easily
compromised. it then could made to impersonate other servers in the
same company. Some of the other corporate servers might have much
higher security requirements and therefor much stronger intrusion
countermeausres (making them much more difficult to directly
compromise)...  this is analogous to, but different to some of the
escalation of privilege attacks.

the attack isn't directly against your wildcard certificate ... it is
using wildcard certificate from a less well defended server ... to
turn around and impersonate servers that are much better defended.

Anne & Lynn Wheeler | http://www.garlic.com/~lynn /

Re: Wildcard SSL Certificates

Michael wrote:
Quoted text here. Click to load it

Man in the middle attack.

´╗┐My computer security & privacy related homepage
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.

Site Timeline