Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unlimited certificates for the price of one?

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 991 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      arduino
      last edited by

      I use Namecheap for our company SSL certificates. We have several SAN and wildcard certificates in production right now.

      I notice after I have received my completed request, I have the option to reissue my certificates.

      This is all fine and well, but what I find interesting is that they do not enforce the original requested name be the same.

      An example,

      Having only paid for a single ($99) wildcard certificate, I am able to generate wildcard certificates for *.mydomain.com, *.subdomain.mydomain.com and even *.differentdomain.com..so on and so forth.

      I am also able to register SAN certificates with completely different SAN entry names (the common name must be the same).

      I have been doing this for quite a long time, no one has said anything and they have always worked. Nothing has ever been revoked (besides the expiring certificate, of course) and I have otherwise never had an issue.

      Does anyone know if this is the normal way things are done? I have only used cheap vendors for SSL certificates and haven't had the opportunity to view other mechanisms for requests.

      1 Reply Last reply Reply Quote 0
      • C Offline
        cmb
        last edited by

        When you have a cert re-issued, they generally revoke your previous cert. Though it looks like Namecheap doesn't actually do that judging by their employees' comments there.

        Odd, considering that basically is a way to get unlimited certificates for the price of one (though I believe they put some limit on the number of re-issues).

        Whether or not the CN has to match on the re-issue seems to depend on which type of cert you have. Also in that thread, they noted Geotrust certs can't be re-issued on a diff CN.

        1 Reply Last reply Reply Quote 0
        • A Offline
          arduino
          last edited by

          Interesting…

          Well, I can assure you that the limit for regenerated certificates is not < 19.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.