JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard SSL RGS SSL eIDAS SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates
E-signature Strong authentication
Test certificates PKI Trust Seals
Our products range
TBS X509 Symantec Website Security Thawte Comodo GlobalSign GeoTrust Certigna
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility The Lab
Focus
Elliptic Curve Cryptography
TBS INTERNET launches a whole range of ECC SSL certificates. Multi-domains, wildcard, EV, standards... More details


What are limitations of Wildcard or OmniDomain certificates?

  • The wildcard character only replaces characters from 0 to 9 and from A to Z and dash (equivalent to [0-9A-Za-z\-]+)

  • The wildcard certificate works fine under IIS except that the points are not taken into account in the star by Internet Explorer. It is a deliberate choice from Microsoft and the RFC 2818. The Mozilla family tools were more tolerant until Firefox 3.0.13 (NSS 3.12.3) that holds with the common functioning of the other browsers.
    See http://support.microsoft.com/kb/258858

  • X509 Omnidomaine TBS, X509 Omnidomaine SGC TBS, Comodo Wildcard, Geotrust Wildcard, Thawte Wildcard and GlobalSign OV Wildcard certificates secure with and without the sub-domain.

  • There is a limitation on ISA Server 2004. It allows HTTPS requests on a wildcard certificate but ISA server can't initiate HTTPS connection on a IIS server holding a Wilcard certificate. It works with ISA server 2006. It is explained bu Microsoft here).

  • Microsoft LCS (live communication server), Lync and Office Communication Server products that use SSL certificates can not handle Wildcard certificates.

  • Activesync only works with wildcards starting from Microsoft Mobile 6 (WM 3, 4, and 5 do not work with wildcards). A standard certificate is required.

  • Some mobile devices (cellphones) do not handle * character and display an error when checking the certificate.

  • Windows Mobile 5 does not handle Wildcard certificates (whatever the brand). But Windows Mobile 6 does (See Microsoft website).

  • If you are using RPC over HTTPS, you'll need to set-up outlook, see RPC over HTTPS and ISA 2006 and Wildcard

  • You may encounter issues when using a Wilcard certificate with Exchange

  • You can encounter issues while using Wildcard certificate with Microsoft IIS

  • Barracuda Spam Firewalls can only create a certificate with a name that matches the server name. Technically, you can work around this issue by naming your server in the *.domain.com format.
The following servers can not handle Wildcard certificates:
  • Novell iChain 2.3 SP3
  • Oracle Wallet Manager
  • Aventail (before its version 10.5)

What are the drawbacks of Wildcard or Omnidomains certificates?

  • the security: should a server hosting such a certificate be compromized, the other servers using that same certificate may be endangered as well (same private key).
  • the management: should a Wildcard or Omnidomain certificate be revoked, you'll have to remove it from all the servers that are using it.
  • The compatibility: to prevent issues you need to consider that the star only replaces one domain level.


Useful links