1

Topic: Need to renew SSL/TLS certificate - is a wildcard certificate good?

==== Required information ====
- iRedMail version: 0.8.7 (Pro 1.8.2)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Debian Wheezy
- Related log if you're reporting an issue:
====

This is not directly an iRedMail question, but we are running iRedMail on our server (which needs to renew the certificate).
This is the situation:
Our certificate (multi for up to 5 sub-domains) needs to be renewed and we have two options:
- Renew our multi-domain certificate
- Buy a new wildcard certificate

The job of changing the certificate would be the same; a wildcard certificate would cost double, but would be more versatile since we can use it on all web servers under our domain.

Does anyone have some recommendations regarding use of wildcard certificates vs. multi-domain certificates? Any general issues or server-side issues?


2

Re: Need to renew SSL/TLS certificate - is a wildcard certificate good?

Ok, this is just my personal opinion. Depends on the company, trust, usage etc.
But I would not use wildcard at all. If it is possible I would use a server cert with SAN (Subject Alternative Names).
But that is not always possible and has a limit for the SANs.

Btw, with multiple-domain, do you mean SAN?

The disadvantage of a wildcard is that you only have proof of the domain, but you could be connected to any subdomain.
This is in case the cert is compromised, of course. If you don't have serious plans for more subdomains, I would use the multi-domain again.

Again, just my thoughts.
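
The scope difference described in the reply above, as an added example that is not part of the thread: a simplified RFC 6125-style name matcher that compares which hostnames a SAN certificate and a wildcard certificate would be accepted for. All names under example.com are constructed for illustration.

```python
# Added example: compares the hostname coverage of a SAN certificate
# and a wildcard certificate. Hostnames are constructed, not from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """Simplified RFC 6125-style match: '*' is honoured only as the entire
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (*.example.com)
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covered(cert_names, hosts):
    """Return the hosts a certificate with these dNSName entries is valid for."""
    return [h for h in hosts if any(name_matches(n, h) for n in cert_names)]

SAN_CERT = ["mail.example.com", "www.example.com", "webmail.example.com"]
WILDCARD_CERT = ["*.example.com"]

HOSTS = [
    "mail.example.com", "www.example.com", "webmail.example.com",
    "vpn.example.com", "login.example.com",  # not listed on the SAN cert
    "example.com",                           # bare domain
    "a.b.example.com",                       # two labels below the domain
]

def report():
    """Hosts each certificate would validate for, out of HOSTS."""
    return {
        "san": covered(SAN_CERT, HOSTS),
        "wildcard": covered(WILDCARD_CERT, HOSTS),
    }

if __name__ == "__main__":
    for kind, hosts in report().items():
        print(f"{kind:9s} valid for: {', '.join(hosts)}")
```

If the private key leaks, the SAN certificate is usable only for the three listed names, while the wildcard one is accepted for every single-label subdomain, including hosts that never deployed it.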

3

Re: Need to renew SSL/TLS certificate - is a wildcard certificate good?

Thanks, yes I meant SAN/UCC