Nelson B wrote:
> I'd like to see an actual example of their 6-in-1 or "wildcard" certs
> in use on the internet.

Thanks for confirming my guess. Unfortunately I haven't seen any "live" examples of Go Daddy "6-in-1" certificates. You'd think that Go Daddy would have helpfully provided an example site for prospective buyers, but apparently not. (To the contrary, Go Daddy doesn't even seem to be using this yet on their own sites; for a bit of amusement try going to <https://www.godaddy.net/> :-)

Go Daddy does have a FAQ that answers some more questions about the 6-in-1 certificates:

  http://help.godaddy.com/article_list.php?topic_id=246&&;

Note that they are restricting this specifically to the case where you have different TLD variants, e.g., foo.com, foo.org, foo.net, and so on. Like the restriction to six domains total, I presume that this restriction was done for marketing reasons, as it appears to me that the underlying implementation in NSS (and presumably in IE and other browsers) would actually permit multiple unrelated domain names to be used, e.g., foo.com, bar.net, baz.org, etc.

The more general capability would seem to be useful for the following cases where you have multiple domains all resolving to a single IP address (and hence a single web server instance):

* Supporting redirection of commonly misspelled domains back to the canonical domain, e.g., <https://www.exampel.com/> to <https://www.example.com/>.

* Supporting redirection of country-specific domain names back to a single global domain, e.g., <https://www.example.co.uk/> to <https://www.example.com/>.

There's also the very common case of supporting both plain example.com and www.example.com; I can't remember whether this can be handled using wildcarding or would need both domain names in the certificate.

In any case I'm surprised that more commercial CAs aren't supporting the issuance of SSL certificates that handle some of these common situations.

Frank

--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
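
The following is an added example, not part of the original message and not NSS code: it checks which hostnames served from one IP address are covered by the dNSName entries in a certificate's subjectAltName, for the scenarios discussed above. It assumes RFC 6125-style matching (a wildcard is the whole leftmost label and stands for exactly one label); the function names and SAN lists are constructed for illustration.

```python
# Added example: RFC 6125-style matching of hostnames against the dNSName
# entries of a certificate's subjectAltName. This is an assumed rule set,
# not the NSS implementation; all SAN lists below are constructed.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Wildcard is the whole leftmost label, stands for exactly one label,
        # and needs at least two fixed labels after it (so no "*.com").
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial or non-leftmost wildcards are rejected here
    return p == h

def cert_covers(san_dns_names, hostname):
    return any(dns_name_matches(n, hostname) for n in san_dns_names)

def uncovered(san_dns_names, hostnames):
    """Hostnames that would produce a name-mismatch warning with this cert."""
    return [h for h in hostnames if not cert_covers(san_dns_names, h)]

# Constructed SAN lists for the scenarios in the message.
TLD_VARIANTS = ["foo.com", "foo.org", "foo.net"]
UNRELATED = ["foo.com", "bar.net", "baz.org"]
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
REDIRECT_CERT = ["www.example.com", "www.exampel.com", "www.example.co.uk"]

if __name__ == "__main__":
    served = ["example.com", "www.example.com", "a.b.example.com"]
    print("wildcard only misses:", uncovered(WILDCARD_ONLY, served))
    print("wildcard + apex misses:", uncovered(WILDCARD_PLUS_APEX, served))
    print("redirect cert misses:",
          uncovered(REDIRECT_CERT, ["www.exampel.com", "example.co.uk"]))
```

Under these rules the bare domain needs its own entry next to the wildcard. Each redirect source name must also be in the certificate, because the TLS handshake completes before the server can send the redirect.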
