Unlimited certificates for the price of one?

arduino

I use Namecheap for our company SSL certificates. We have several SAN and wildcard certificates in production right now.

I notice after I have received my completed request, I have the option to reissue my certificates.

This is all fine and well, but what I find interesting is that they do not enforce the original requested name be the same.

An example,

Having only paid for a single ($99) wildcard certificate, I am able to generate wildcard certificates for *.mydomain.com, *.subdomain.mydomain.com and even *.differentdomain.com..so on and so forth.

I am also able to register SAN certificates with completely different SAN entry names (the common name must be the same).

I have been doing this for quite a long time, no one has said anything and they have always worked. Nothing has ever been revoked (besides the expiring certificate, of course) and I have otherwise never had an issue.

Does anyone know if this is the normal way things are done? I have only used cheap vendors for SSL certificates and haven't had the opportunity to view other mechanisms for requests.

cmb

When you have a cert re-issued, they generally revoke your previous cert. Though it looks like Namecheap doesn't actually do that judging by their employees' comments there.

Odd, considering that basically is a way to get unlimited certificates for the price of one (though I believe they put some limit on the number of re-issues).

Whether or not the CN has to match on the re-issue seems to depend on which type of cert you have. Also in that thread, they noted Geotrust certs can't be re-issued on a diff CN.

arduino

Interesting…

Well, I can assure you that the limit for regenerated certificates is not < 19.