Wildcard certificates offer flexibility to system administrators, but it also creates some potential risks: - Sharing of one single certificate across multiple hosts poses higher risk of key leakage
- If one server or sub-domain is compromised, all sub-domains may be compromised.
From a security standpoint, use of wildcard certificates is strongly discouraged in CUHK. Here are some recommendations for administrators who manage server certificates in department: Dos | DON'Ts | | - Use wildcard certificate on University top domains or sub-domains that representing the University or any underlying departments/units
- Use wildcard certificate to protect multiple sets of sensitive information
- Share wildcard certificate across machines with different purposes
|
|
Follow our guidelines when you apply, use and manage server certificates
|