Re: FN-FORUM Wildcard SSL certificates

date posted 9th January 2002 23:55

James Fidell wrote:

> Quoting Charles Lecklider [EMAIL REMOVED]
>
>>>Thawte lets you buy 128-bit SuperCerts, too, and they're all manner of
>>>trouble with IE :) However, this works fine in Netscape for me, and works
>>>fine in IE 5.00.2919. I can't see anything obvious that I've done wrong.
>>>
>>Never had a problem with SuperCerts with IE either....
>>
>
> Let's not get me started :)


No, lets :-)


>>>>Is it available online? I'll take a look if it is.
>>>>
>>>>
>>>Thanks. Try https://www2.swreg.org/ and see what happens. It's a
>>>self-signed certificate, so you should get a warning that the CA isn't
>>>recognised, but what I don't want is a "certificate doesn't match server
>>>name" error.
>>>
>>OK, Mozilla 0.9.7 correctly complains only about the CA. As does IE 6.
>>
>>Maybe a visit to windowsupdate for the machines that don't like it?
>>
>
> And herein lies the problem. Using wildcard certs would make management
> much more straightforward, not to mention cheaper, for several systems
> I'm working on. For those of us developing and testing, it's no problem
> to update to the latest version.
>
> However, people with modems who want to spend hundreds of dollars at
> your site tend to get put off if they have to download an update before
> they can actually get anywhere. If that's only going to be a small
> percentage of people, then I could live with it, but the documentation
> of these problems seems so sparse, if it exists at all, that I've actually
> got no idea how many people will be affected :(


Well, there are a load of active people on the list. Maybe a simple test
site, with a form on the end for people to put in the version of the
browser and what happened. Should give you some idea of how big the
problem is.

-C