Versions Compared

Old Version 1

changes.mady.by.user Alessandra Scicchitano

Saved on

compared with

New Version Current

changes.mady.by.user Teun Nijssen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  • DigiCert provides five type of server certificates.

    Image Added

 

  • The experience of recent years shows that server certificates are requested the most
    Do not know what type of server certificate you need? Opt frequently. If you don't know which certificate you should order, opt for Unified Communications .

  • DigiCert provides five type of server certificates. The first (EV Multi-Domain), third (Unified Communication) and fifth (Wildcard Plus) variant in order. 
    If you are ever tempted thinking to apply for SSL Plus choose instead anyway rather a Unified Communications and instead . Similarly avoid EV SSL PLus prefer Plus and go for EV Multi Domain.
    Image Removed
    Eschew the second (EVSSL Plus) and fourth (SSL Plus) versions. The SSL Plus versions do not support Subject Alternative Names, nor 4096 bit keys.
    Both SSL Plus varieties are cheap for people buying individual certs; in the TCS contract use the better varieties that allow Subject Alternative Names.

  • For Unified Communications the portal claims it is possible to have 25 Subject Alternative Names. In reality, 150 SANs have been tested successfullyUnified Communications reports that 25 Subject Alternative Ames are possible. There are many more hundred has been successfully tested. Comodo could contain a Unified Communications certificate wildcards; by DigiCert can not unfortunately. There is asked DigiCert or that may in the future. On that question, during the migration period will almost certainly get no answer.

  • The WildCard Plus variant unfortunately has no free choice Subject Alternative Names. They are limited to one Common Name (* .an.example.nl), but the corresponding non-wild domain (an.example.nl) will be included in the certificate. Digicert might change this in the future, but at the moment there is no date if/when this will happen.

  • However, a method exists to combine multiple wildcards in one certificate. First generate two or more WildCard Plus certificates, each containing one wildcard. You really need to make the certificates; ordering the requests is not sufficient. In principle, use the same public/private key pair for the wildcards. Once you have generated the certificates, ask support@digicert.com to merge their order numbers into one new combined certificate. Support puts a new request in your queue; as an admin you will have to approve it. You should be able to also merge Unified Communications in this game

    Example:
    Certificate 1: CN=*.eefje.surfnet.nl  SAN=eefje.surfnet.nl
    Certificate 2: CN=*.joost..surfnet.nl  SAN=joost.surfnet.nl
    Merged: CN=*.eefje.surfnet.nl  SAN=*.eefje.surfnet.nl , SAN=eefje.surfnet.nl , SAN=*.joost..surfnet.nl , SAN=joost.surfnet.nl
  • Make moderately use of Extended Validation certificates. Well  Use them for your important public Web sites, but not for server-server connections that never see a man or for testing. Choose and choose a policy that does justice to the terms of use .