A co-worker told me that when you visit a website over SSL the certificate no longer guarantees that you’re actually dealing with the intended recipient. This is due to something called “multi-domain SSL certificates”. A quick Google search seems to show these exist – but I was always under the impression SSL provided encryption and authentication. Is this no longer the case? Surely this is a step in the wrong direction?
There are wildcard certificates, which allow all hosts in one domain to be covered by the same cert. They’re more expensive to get issued (since the CAs wouldn’t make as much money as if you’d ordered multiple separate single-domain certs), but when you need to cover multiple hostnames in your domain with SSL, it can be quite a savings.
A properly issued cert will cover at LEAST one host name, like http://www.example.com. And with wildcarding, can cover *.example.com.
SSL by itself guarantees nothing in the way of identification – simply that the link is encrypted. Any certificate will do that for you – even self-signed ones. What you get with the “commercial” certs is a (theoretically) trustworthy third party saying “we’ve verified that the person who this http://www.example.com certificate was issued to really is http://www.example.com”.
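How a client decides whether a multi-domain or wildcard certificate covers the host it asked for, as an added example that is not part of the original question or answer. The name list is constructed sample data, and the matcher assumes the common rule that a wildcard stands for exactly one leftmost label.

```python
# Added example: matching a requested hostname against the DNS names
# listed in a certificate. All names below are constructed sample data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    first, rest = p_labels[0], p_labels[1:]
    # Wildcards are honoured only in the leftmost label.
    if any("*" in label for label in rest):
        return False
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Reject over-broad names such as "*.com".
        return len(rest) >= 2 and h_labels[0] != ""
    if "*" in first:
        return False  # partial wildcards ("w*") rejected conservatively
    return first == h_labels[0]


def cert_covers(dns_names, hostname: str) -> bool:
    """A certificate covers a host only if some listed name matches it."""
    return any(name_matches(name, hostname) for name in dns_names)


# Constructed name list for a hypothetical multi-domain certificate.
MULTI_DOMAIN_NAMES = ["www.example.com", "shop.example.net", "*.example.org"]

if __name__ == "__main__":
    for host in ["www.example.com", "mail.example.org",
                 "example.org", "a.b.example.org", "www.example.net"]:
        print(f"{host:20} covered={cert_covers(MULTI_DOMAIN_NAMES, host)}")
```

A host that is not on the certificate's name list fails the check, so listing several names on one certificate widens what it covers only to those names.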