Virtualization Technology News and Information
Article
RSS
Reasons Why Big Org Should Never Use WC SSL

Reasons-Big-Org-Should-Never-Use-WC-SSL 

Touted to be one of the most flexible and cost-effective, Wildcard SSL Certs seem to be one of the best ways to deploy HTTPS across sub-domains quickly and easily. However, the picture isn't all that rosy. Wildcard SSL has some major drawbacks which nullify the benefits of these SSL certificates, making them a less attractive option, especially for big organizations. What are these drawbacks? Why should big organizations avoid Wildcard SSL Certs? Read on to find out. 

Wildcard SSL Certs: An Overview

Wildcard SSL is a public-key certificate that secures one primary domain and unlimited first-level subdomains of the primary domain. The name of the higher-level domain with an unconstrained number of sub-domains and leaf nodes, is prefixed with a wildcard character - Asterix (*) while creating a certificate signing request. This way the sub-domains and leaf nodes are secured too.

Example 

For primary domain - *example.com, you can secure an unlimited number of first-level sub-domains such as

  • www.example.com
  • mail.example.com
  • blog.example.com
  • app.example.com
  • test.example.com
  • it.example.com
  • hr.example.com
  • shop.example.com
  • login.example.com and so on.

Benefits

  • Flexibility
  • Scalability
  • Easy management
  • Cost-saving

Drawbacks of Wildcard SSL Certificates: Why Must Big Orgs Never Use Them?

Sharing/ Duplication of Private Keys

Typically, authentication key-pairs were created by the authentication subject. While the public key is exported and widely known, the owner of the key pair keeps the private key confidential. The certificate authenticates that the entity is the owner of a particular public key. The private key does not exist outside this entity's cryptomodule in the unprotected/ unencrypted form. Despite the lack of flexibility, this approach is highly secure and offers a higher level of assurance.

What happens with Wildcard SSL Certs is that they allow sharing of the private keys. In big organizations, different sub-domains exist for different departments, sellers, vendors, product lines, etc. and are hosted on multiple servers for operational ease. Further, the private key exists in different locations and is also passed through several people over its lifetime in such organizations if Wildcard SSL Certificates are used. Given that private keys are like CVV numbers of credit/ debit cards, sharing with others or duplicating them across multiple servers is detrimental. This heightens the security risks attached to these SSL certificates.

If one of the servers is compromised, all servers using the same private key are exposed to the risk. The best practice is to have a single private key for a single server.

If these private keys fall in the hands of attackers or even a malicious insider, they can orchestrate a range of attacks such as:

  • Man-in-the-middle attacks - impersonation of a genuine resource in the domain using a stolen private key and thereon, luring victims to the fraudulent resource through DNS poisoning/ traffic redirection/ phishing.
  • Eavesdropping attacks - accessing confidential information by intercepting user traffic and decrypting sessions through eavesdropping.
  • Phishing attacks - Attackers could get Wildcard Certs for fictitious companies and use these valid Certs to create malicious sub-domains to be used for phishing.

Lack of Ownership

Generally, the DNS name in the certificate helps organizations keep track of who is responsible for maintaining the infrastructure where the certificate is used. The line of ownership between the system and the Wildcard Cert is blurred. This ownership problem could lead to outages if these certificates expire and pose major security problems if compromised.

Lack of Control

The level of control with the organization diminishes over new sub-domains that are created; such sub-domains get automatically added to the Wildcard SSL Cert and leaves all sub-domains under the certificate open to attacks.

This is exactly what happened to Facebook in Year 2016. A sub-domain was created on Facebook's root-domain, and covered under a valid Wildcard Cert. By creating a Facebook Page Verification Form, attackers are carrying out phishing attacks against Facebook users. Since the Wildcard Certificate is valid for all facebook.com sub-domains, the browser does not show any warning signs and the attackers are successful in stealing credentials from unsuspecting users.

No EV Option

Extended Validation requires rigorous scrutiny from the Certificate Authority (CA) for every domain or sub-domain created. Since Wildcard SSL Certs allow unlimited sub-domains to be added even at a later stage, the CA cannot ensure such rigorous scrutiny. Therefore, only Organizational Validation and Domain Validation are available for Wildcard certs. Without EV, organizations do not get visible signs of protection such as green padlocks.

Conclusion

Do Wildcard SSL Certs seem like a beneficial option? Think again. Wildcard SSL Certificates may offer flexibility and cost-saving, but they come at a heavy price tag. Big organizations are at a higher risk of massive reputational damage if attackers gain access to private keys and orchestrate attacks. Despite the seeming benefit, there is a high risk-factor attached to such certificates when used in the production environment. However, businesses can alternatively choose from OV or EV SSL certificates from Indusface, to improve customer experience and trust.

##

Published Thursday, October 28, 2021 10:08 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<October 2021>
SuMoTuWeThFrSa
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456