Unlimited certificates for the price of one?



  • I use Namecheap for our company SSL certificates. We have several SAN and wildcard certificates in production right now.

    I notice after I have received my completed request, I have the option to reissue my certificates.

    This is all fine and well, but what I find interesting is that they do not enforce the original requested name be the same.

    An example,

    Having only paid for a single ($99) wildcard certificate, I am able to generate wildcard certificates for *.mydomain.com, *.subdomain.mydomain.com and even *.differentdomain.com..so on and so forth.

    I am also able to register SAN certificates with completely different SAN entry names (the common name must be the same).

    I have been doing this for quite a long time, no one has said anything and they have always worked. Nothing has ever been revoked (besides the expiring certificate, of course) and I have otherwise never had an issue.

    Does anyone know if this is the normal way things are done? I have only used cheap vendors for SSL certificates and haven't had the opportunity to view other mechanisms for requests.



  • When you have a cert re-issued, they generally revoke your previous cert. Though it looks like Namecheap doesn't actually do that judging by their employees' comments there.

    Odd, considering that basically is a way to get unlimited certificates for the price of one (though I believe they put some limit on the number of re-issues).

    Whether or not the CN has to match on the re-issue seems to depend on which type of cert you have. Also in that thread, they noted Geotrust certs can't be re-issued on a diff CN.



  • Interesting…

    Well, I can assure you that the limit for regenerated certificates is not < 19.


Log in to reply