LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Blogs > In The Middle Of Nowhere [edK's blog]
User Name
Password

Notices


In The Middle Of Nowhere

Life, universe and everything...
--
Blog title (C) Orbital
Rate this Entry

USA, GoDaddy and stupid supporters

Posted 02-08-2010 at 11:04 AM by Web31337

Yesterday I've started to think about securing my services with trusted SSL certs, so I've googled for "Multiple Hostname X509" and found several good articles on generating those and link to godaddy.com, as they can sign those.
I've looked through their site, found no really good explanation for most of things, and decided to poke their support.
Here is what I sent:
Quote:
Originally Posted by Konstantin Leonov
Hello.

Some questions around SSL certs.

I'd like to know more about SSL certificates, especially a feature allowing multiple hostnames in cert.
Here's what I mean: I have a domain(web31337.org) which does not and will never have 'www' prefix(nowww.org covers that topic), but it has many services working from subdomains, needing valid SSL certificate as well. Say, it's a jabber server, irc server, etc.
I want to use one cert for entire site and services. Will this type of certificate applicable to host HTTP web31337.org and user.web31337.org under it, so that it won't issue any warnings?

And by the way, what browsers support your SSL certificates? I'm most curious about the following: Opera, Firefox, SeaMonkey, Midori, Arora, Konqueror. They are going to be the ones used around entire site, target audience is free operating systems(BSD/Linux/etc) users. I can test each of those myself if you'll point me to a site using that type of certificate signed by you.

OR, if I buy wildcard certificate, will it protect web31337.org as well as anything.web31337.org?

I want to make these things clear for myself so I will know for which URL scheme should I adapt my services, if I'll stop by your certs.

Also, about Extended Validation: my domain's whois details are hidden, how would I get that "green" certificate, in case I'll decide to use it for web31337.org root domain only?

I've noticed you are giving away free certs for opensource projects. They aren't "valid" certificates? What's the catch?
And here is what their support replied me with(after some small amount of time, about 10 hours, I assume, which is small unless I am their customer with services):
Quote:
Originally Posted by GoDaddy Support
Dear Konstantin Leonov,

Thank you for contacting Online Support. From the needs you have dscribed, you would want to use a Wildcard certificate. A Wildcard SSL Certificate secures your website URL and an unlimited number of its subdomains/* how would you interpret that? what if my site URL is http://www.www.mycooldomain.com/ ? */. The Wildcard SSL Certificate works the same way as a regular SSL certificate, undergoes the same validation processes, and is available as either a Standard or a Deluxe certificate.

The difference is that the Wildcard SSL Certificate extends to all of the subdomains of your domain that you want to secure. For example, www. coolexample.com, shop. coolexample.com, and register. coolexample.com can all be secured with a single Wildcard SSL Certificate.

NOTE: Some operating systems expect a dedicated and static IP for each of the subdomains that are utilizing the single wildcard certificate.

When generating a Certificate Signing Request (CSR) for a Wildcard certificate, add an asterisk (*) to the left of the Common Name where you want to specify the wildcard.


Examples:


*.coolexample.com secures www.coolexample.com, secure.coolexample.com, etc.


www*.coolexample.com secures www1.coolexample.com, www2.domainnamehere.com, etc.


*.mail.coolexample.com secures secure.mail.coolexample.com, www.mail.coolexample.com, etc.



TIP: <IE bug description skipped>


As far as an Extended Validation SSL is concerned, these can only be issued to registered business entities in the United States and Japan.

Deluxe Corporate Secure Certificates and Code Signing Certificates currently can only be issued to registered business entities in the following countries:

/*list of countries skipped(there was no Russia there which I hoped for)*/

Secure Certificates of any type currently CANNOT be issued to individuals or business entities in the following countries:


Cuba

Iran

North Korea

Sudan

Syria



Secure Certificates of any type currently CANNOT be issued for websites with the following country-code top-level domains:


.cu—Cuba

.ir—Iran

.kp—North Korea

.sd—Sudan

.sy—Syria



Our root certificate — the Valicert Class 2 Policy Validation Authority — is installed in the following browser versions:

/* browser list skipped */
First thing I've noticed(ignoring stinky HTML-formatted email with WHITE text on WHITE background) is a quite heavy explanation, I'd say, double-explanation of wildcard thingy which I, of course, knew well before, except for I didn't know if it protects domain.tld not as well.
I found no CLEAR answer(see bold text in reply and my comment) on that topic and no example.

Next thing I've noticed bite me to "OH, (|24|*, yet another!!!". They refused to issue certificates to poor Cuba, Syria, North Korea, Sudan and Iran. I am really sorry for those countries and all of their people who were denied in access to services located in USA. Some good services. Since that, the answer to my last question on Open-Source Certs became not so interesting and significant(also, if you noticed, there is NO answer for that question of mine, underlined in my request), I will not buy any of their services.
The text of reply is poorly-composed, it has mistypes and it has false information(look at that "NOTE" for instance). Service is too restrictive. No, I probably won't buy anything there ever.

I was planning to either get wildcard SSL cert but I need my root domain to be protected as I don't use www(explained in my support request) or move my entire services to root domain and get "Green" certificate.

Later on-topic posts will be linked with this post.
Posted in etc
Views 1761 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 10:38 PM.

Main Menu
Advertisement
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration