ITSC eNewsletter, Issue 159 02 Apr, 2015


5. Avoid Using Wildcard Server Certificate

Wildcard certificates offer flexibility to system administrators, but they also create some potential risks:

  • Sharing a single certificate across multiple hosts poses a higher risk of key leakage
  • If one server or sub-domain is compromised, all sub-domains may be compromised.

From a security standpoint, use of wildcard certificates is strongly discouraged at CUHK. Here are some recommendations for administrators who manage server certificates in their departments:

Dos

DON'Ts

  • Use wildcard certificate on University top domains or sub-domains that represent the University or any underlying departments/units
  • Use wildcard certificate to protect multiple sets of sensitive information
  • Share wildcard certificate across machines with different purposes
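
One way to check a set of departmental servers against the DON'Ts above, as an added example that is not ITSC code: it flags hosts serving a wildcard certificate and any wildcard certificate reused on hosts with different purposes. The host names, purposes and fingerprints are constructed; in a real audit the certificate dict would come from `ssl.SSLSocket.getpeercert()` and the fingerprint from a hash of the DER-encoded certificate.

```python
from collections import defaultdict

# Constructed sample inventory (names and fingerprints are made up): host ->
# (purpose, cert fingerprint, cert dict shaped like ssl getpeercert() output).
WILDCARD = {
    "subject": ((("commonName", "*.dept.example.org"),),),
    "subjectAltName": (("DNS", "*.dept.example.org"), ("DNS", "dept.example.org")),
}
INVENTORY = {
    "www.dept.example.org": ("public website", "fp-A", WILDCARD),
    "grades.dept.example.org": ("student records", "fp-A", WILDCARD),
    "wiki.dept.example.org": ("internal wiki", "fp-B", {
        "subject": ((("commonName", "wiki.dept.example.org"),),),
        "subjectAltName": (("DNS", "wiki.dept.example.org"),),
    }),
}


def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return names


def wildcard_names(cert):
    """Names whose left-most label contains '*' (e.g. *.dept.example.org)."""
    return [n for n in cert_names(cert) if "*" in n.split(".")[0]]


def audit(inventory):
    """Flag wildcard certificates, and those reused across different purposes."""
    findings, by_fp = [], defaultdict(list)
    for host, (purpose, fp, cert) in sorted(inventory.items()):
        names = wildcard_names(cert)
        if names:
            findings.append(("wildcard", host, tuple(names)))
            by_fp[fp].append((host, purpose))
    for fp, uses in sorted(by_fp.items()):
        if len({purpose for _, purpose in uses}) > 1:
            findings.append(("shared-across-purposes", fp,
                             tuple(host for host, _ in uses)))
    return findings


if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```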

Follow our guidelines when you apply for, use and manage server certificates.

We hope you enjoy reading the ITSC eNewsletter. As always, we would like to know what you think about the ITSC eNewsletter and how we can make it more useful to you. Please send your comments to ITSC Service Desk.



Copyright 2024, Information Technology Services Centre, The Chinese University of Hong Kong