This Wiki is available to view at but still under maintenance. PLEASE DO NOT EDIT THE WIKI UNTIL FURTHER NOTICE. We are attempting to restore missing edits which took place between Monday 8 and Thursday 11 April 2019, therefore the site is likely to be taken off line at any time. Updated 20:43 CEST 16 April 2019.
Page tree
Skip to end of metadata
Go to start of metadata
  • DigiCert provides five type of server certificates.

 

  • The experience of recent years shows that server certificates are requested most frequently. If you don't know which certificate you should order, opt for Unified Communications .

  • If you are thinking to apply for SSL Plus choose instead a Unified Communications. Similarly avoid EV SSL Plus and go for EV Multi Domain. Both SSL Plus varieties are cheap for people buying individual certs; in the TCS contract use the better varieties that allow Subject Alternative Names.

  • For Unified Communications the portal claims it is possible to have 25 Subject Alternative Names. In reality, 150 SANs have been tested successfully.

  • The WildCard Plus variant unfortunately has no free choice Subject Alternative Names. They are limited to one Common Name (* .an.example.nl), but the corresponding non-wild domain (an.example.nl) will be included in the certificate. Digicert might change this in the future, but at the moment there is no date if/when this will happen.

  • However, a method exists to combine multiple wildcards in one certificate. First generate two or more WildCard Plus certificates, each containing one wildcard. You really need to make the certificates; ordering the requests is not sufficient. In principle, use the same public/private key pair for the wildcards. Once you have generated the certificates, ask support@digicert.com to merge their order numbers into one new combined certificate. Support puts a new request in your queue; as an admin you will have to approve it. You should be able to also merge Unified Communications in this game

    Example:
    Certificate 1: CN=*.eefje.surfnet.nl  SAN=eefje.surfnet.nl
    Certificate 2: CN=*.joost..surfnet.nl  SAN=joost.surfnet.nl
    Merged: CN=*.eefje.surfnet.nl  SAN=*.eefje.surfnet.nl , SAN=eefje.surfnet.nl , SAN=*.joost..surfnet.nl , SAN=joost.surfnet.nl
  • Make moderately use of Extended Validation certificates. Use them for your important public Web sites, but not for server-server connections and choose a policy that does justice to the terms of use .
  • No labels