The Risks In Wildcard Certificates

 
 
By Larry Seltzer  |  Posted 2008-10-11
 
 
 

The imperative to use SSL, for web authentication and encryption or VPNs, is reasonably universal. Competition has driven prices of certificates down over the years to the point where you can get conventional SSL certificates from reputable vendors for well under $100 per year.

Another product gaining popularity due to competition is the wildcard certificate. A conventional certificate works on a single domain, e.g. www.foo.com. A wildcard certificate protects all subdomains of a domain subject to the use of wildcard characters in the name. So a wildcard certificate for *.foo.com protects www.foo.com, bar.foo.com, mail.foo.com, chasephish.foo.com, and so on.

I have received many notes from vendors about them, both as press and as a prospective customer. Most CAs (certificate authorities) clearly see them as a way to grow markets. If you've got a lot of domains you can save a lot of money with a wildcard certificate relative to buying individual certificates for them, but not from all vendors. VeriSign, the 800 lb. gorilla in the CA room, prices wildcard certs by the domain being protected, so that they don't save much, if any money outright.

There is still a potential to save in convenience of administration with a wildcard certificate. But there are real downsides to wildcard certificates. When things go wrong the convenience may evaporate quickly. The VeriSign site lists their take on the disadvantages of wildcard certs:

  • Security: If one server or sub-domain is compromised, all sub-domains may be compromised.
  • Management: If the wildcard certificate needs to be revoked, all sub-domains will need a new certificate.
  • Compatibility: Wildcard certificates may not work seamlessly with older server-client configurations.
  • Protection: VeriSign Wildcard SSL Certificates are not protected by NetSure extended warranty.
I hope it doesn't need to be said that VeriSign, as the dominant market player, has an interest in prices remaining high, so take their advice on wildcards in that light. The last point is VeriSign saying that wildcards get a lesser level of service from them, so that's not a problem inherent in the technology, but the other 3 points are reasonable generally.

It's true that a compromised wildcard certificate is a bigger problem than a certificate for a single domain. It's probably also a bigger target. How big a problem is this? Using the same certificate means that every host in the domain is using the same key pairs. This means that if the keys are compromised for one host, the entire domain is compromised. At the same time, the larger number of systems relying on those key pairs multiplies the number of potential weaknesses through which a compromise may be found. Fundamentally, this makes wildcard certificates a weaker, less trustworthy solution than individual certificates.

What VeriSign says about management is also true, but whether it's a real burden to replace a wildcard certificate depends on the management system you're using. It may be some work, it may not be. It's also true that if you need to revoke a certificate your CA needs to move fast and when you need them. I'm not sure all CAs, even reputable ones, perform the same in this regard.

As for the compatibility issue, it seems there was something there, but as VeriSign says, it's a problem with older software. This page details some compatibility problems with older client software and wildcard certificates. You don't see a lot of current versions in there.

I suspect there isn't a lot of real world data on whether wildcard certificates are more of a security and management problem than per-domain certificates. It may not amount to much. I think there's probably something there in the aggregate.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack

Rocket Fuel