You are viewing an old version of this page. View the current version.
        
        
            Compare with Current
                        View Page History
        
        
                            « Previous
            
            
                                     Version 12
                            
                            Next »
            
        
     
            
                                            
        
                           
        - DigiCert provides five type of server certificates.
 
  
 
- The experience of recent years shows that server certificates are requested most frequently. If you don't know which certificate you should order, opt for Unified Communications .
 
 
- If you are thinking to apply for SSL Plus choose instead a Unified Communications. Similarly avoid EV SSL Plus and go for EV Multi Domain. Both SSL Plus varieties are cheap for people buying individual certs; in the TCS contract use the better varieties that allow Subject Alternative Names and 4096 bit keys.
 
 
- For Unified Communications the portal claims it is possible to have 25 Subject Alternative Names. In reality, more than 100 SANs have been tested successfully.
 
 
- The WildCard Plus variant unfortunately has no free choice Subject Alternative Names. They are limited to one Common Name (* .an.example.nl), but the corresponding non-wild domain (an.example.nl) will be included in the certificate. Digicert might change this in the future, but at the moment there is no date if/when this will happen.
 
 
- However, a method exists to combine multiple wildcards in one certificate. First generate two or more WildCard Plus certificates, each containing one wildcard. You really need to make the certificates; ordering the requests is not sufficient. In principle, use the same public/private key pair for the wildcards. Once you have generated the certificates, ask support@digicert.com to merge their order numbers into one new combined certificate. Support puts a new request in your queue; as an admin you will have to approve it. You should be able to also merge Unified Communications in this game
 
 Example:
 Certificate 1: CN=*.eefje.surfnet.nl  SAN=eefje.surfnet.nl
 Certificate 2: CN=*.joost..surfnet.nl  SAN=joost.surfnet.nl
 Merged: CN=*.eefje.surfnet.nl  SAN=*.eefje.surfnet.nl , SAN=eefje.surfnet.nl , SAN=*.joost..surfnet.nl , SAN=joost.surfnet.nl
- Make moderately use of Extended Validation certificates. Use them for your important public Web sites, but not for server-server connections and choose a policy that does justice to the terms of use .