Is there a security reason not to use a wildcard cert other than manageability and exploitation if used on multiple servers?

security https ssl

I have a security advisor that is telling me that we can't use wildcard SSL certs for security reasons. To be clear I much prefer using single certs or multi-domain certs (SAN). However we have a need for the server (plesk) to server 100s of subdomains.

Based on my research the main reason people site for not using wildcard is the following which appears to come from verisign:

  • Security: If one server or sub-domain is compromised, all sub-domains may be compromised.
  • Management: If the wildcard certificate needs to be revoked, all sub-domains will need a new certificate.
  • Compatibility: Wildcard certificates may not work seamlessly with
    older server-client configurations.
  • Protection: VeriSign Wildcard SSL Certificates are not protected by NetSure extended warranty.

Since the private key, cert, and subdomain will all exist on the same server... replacement would be as simple as replacing this one cert and effect the same amount of users. Therefore is there another reason not to use a wildcard cert?


The only other 'gotcha' that I'm aware of is that Extended Validation certificates cannot be issued with a wildcard, so it's not an option if you're going for an EV certificate.

In terms of the security, you've hit the nail on the head - a single private key protects all domains that are under the wildcard. So, for instance, if you had a multi-domain SAN cert that covered www.example.com and something.example.com get compromised, only those two domains are at risk for attack with the compromised key.

However, if that same system were instead running a *.example.com cert to handle SSL traffic for www and something subdomains and were compromised, then everything covered by that wildcard is potentially at risk, even services not hosted directly on that server - say, webmail.example.com.


Security: If one server or sub-domain is compromised, all sub-domains may be compromised.

If you are using a single web server for your hundreds of virtual hosts then all the private keys would need to be readable by that web server process. If a person can compromise the system to a point were they can read one key/certificate, then they probably already have compromised the system to a point where they can grab all the private keys/certs used by that web server.

The keys are generally stored on the filesystem with privileges that will only permit root to access them. So if your system is rooted, then you probably have lost everything. Doesn't really matter if you have a single cert or many.

Management: If the wildcard certificate needs to be revoked, all sub-domains will need a new certificate.

If you are using a wildcard for *.example.org then you only need to replace a single certificate. If you have a cert for one.example.org, two.example.org, and three.example.org, then you have to replace 3 certificates. So the wildcard certificate is less work. So yes, that cert would be revoked and replaced, but since you only have to replace one instead of hundreds, it should be very easy.

Compatibility: Wildcard certificates may not work seamlessly with older server-client configurations.

Those system almost certainly need to be updated. They are almost certainly have many other vulnerabilities.

Related

/dev/mapper/VolGroup-lv_root has no more space left?
What are the best practices for service accounts?
How to debug memcached "SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY" errors?
Windows 2012: how to make power button work in every cases?
Root cause of "curl: (56) SSL read: errno -5961" errors
OpenSSH doesn't accept ECDSA keys
Change apache mpm to mpm-itk for CentOS7
How do I set default internet zone level with Group policy?
OpenVPN "rwRW" logging
Scale HAProxy for more than 64k websockets
Kerberos KDC has no support for encryption type while getting credentials
Unzip from stdin to stdout - funzip, python