Hi Dean,

On 02/07/2012 03:19 AM, Dean Coclin wrote:
> This is Dean from Symantec. I'd like to offer the following with regard to
> your question about this certificate:
>
> This is a legitimate certificate that VeriSign issued to Securepoint for
> their Network Access Controller (NAC). See
> http://download.securepoint.de/files/Handbuecher/NAC/NAC_Common_Delegated_Administration_Guide.pdf
>

I think we disagree about the "legitimate" part of your statement. Perhaps
you mean intentional?

>
> Customers have approached VeriSign with a similar need: they produce an app
> or appliance that is to be deployed in their customer's network, and they
> want out-of-the-box SSL certificate protection. Since they cannot know in
> advance what will be the host name that their customer will provide for the
> app or appliance (and they don't wish to burden their customer with the task
> of generating and installing an SSL certificate after installation), they
> purchase an SSL certificate for an internal-only domain name, and deploy the
> same private key and certificate in each app or appliance.
>

So if one of these systems is compromised, what happens?

> As was pointed out, this cert was issued in 2010. The CAB Forum has
> addressed the issuance of SSL certs to non FQDNs in the baseline
> requirements which were recently adopted.
>

Is it true that the new requirements won't come into effect until 2016?

All the best,
Jacob
