Unlimited certificates for the price of one?
-
I use Namecheap for our company SSL certificates. We have several SAN and wildcard certificates in production right now.
I notice after I have received my completed request, I have the option to reissue my certificates.
This is all fine and well, but what I find interesting is that they do not enforce the original requested name be the same.
An example,
Having only paid for a single ($99) wildcard certificate, I am able to generate wildcard certificates for *.mydomain.com, *.subdomain.mydomain.com and even *.differentdomain.com..so on and so forth.
I am also able to register SAN certificates with completely different SAN entry names (the common name must be the same).
I have been doing this for quite a long time, no one has said anything and they have always worked. Nothing has ever been revoked (besides the expiring certificate, of course) and I have otherwise never had an issue.
Does anyone know if this is the normal way things are done? I have only used cheap vendors for SSL certificates and haven't had the opportunity to view other mechanisms for requests.
-
When you have a cert re-issued, they generally revoke your previous cert. Though it looks like Namecheap doesn't actually do that judging by their employees' comments there.
Odd, considering that basically is a way to get unlimited certificates for the price of one (though I believe they put some limit on the number of re-issues).
Whether or not the CN has to match on the re-issue seems to depend on which type of cert you have. Also in that thread, they noted Geotrust certs can't be re-issued on a diff CN.
-
Interesting…
Well, I can assure you that the limit for regenerated certificates is not < 19.