Versions Compared

Old Version 3

changes.mady.by.user Alessandra Scicchitano

Saved on

compared with

New Version Current

changes.mady.by.user Teun Nijssen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  • DigiCert provides five type of server certificates.
    Image Removed
    Image Added

 

  • The experience of recent years shows that the server certificates are the ones requested the most frequently.  
    if If you don't know which certificate you should order, opt for Unified Communications .

  • If you are thinking to apply for SSL Plus choose instead anyway a Unified Communications and choose . Similarly avoid EV SSL Plus instead of and go for EV Multi Domain.
    Eschew the second (EVSSL Plus) and fourth (SSL Plus) versions. The SSL Plus versions do not support Subject Alternative Names, nor 4096 bit keys.
    Both SSL Plus varieties are cheap for people buying individual certs; in the TCS contract use the better varieties that allow Subject Alternative Names.

  • For Unified Communications the portal claims it In Unified Communications it is possible to have 25 Subject Alternative Names.  In reality, 150 SANs have been tested successfully.

  • The WildCard Plus variant unfortunately has no free choice Subject Alternative Names. They are limited to one Common Name (* .an.example.nl), but the corresponding non-wild domain (an.example.nl) will be included in the certificate.   Digicert might change this in the future, but at the moment there is no

...

  • date if/when this will happen.

  • However, a method exists to combine multiple wildcards in one certificate. First generate two or more WildCard Plus certificates, each containing one wildcard. You really need to make the certificates; ordering the requests is not sufficient. In principle, use the same public/private key pair for the wildcards. Once you have generated the certificates, ask support@digicert.com to merge their order numbers into one new combined certificate. Support puts a new request in your queue; as an admin you will have to approve it. You should be able to also merge Unified Communications in this game

    Example:
    Certificate 1: CN=*.eefje.surfnet.nl  SAN=eefje.surfnet.nl
    Certificate 2: CN=*.joost..surfnet.nl  SAN=joost.surfnet.nl
    Merged: CN=*.eefje.surfnet.nl  SAN=*.eefje.surfnet.nl , SAN=eefje.surfnet.nl , SAN=*.joost..surfnet.nl , SAN=joost.surfnet.nl
  • Make moderately use of Extended Validation certificates. Use them for your important public Web sites, but not for server-server connections and choose a policy that does justice to the terms of use .