Silly Question - SSL Certificates

stoofa · 25 Feb 2009 at 13:54

We have the need for SSL certificates.
Various servers have an SSL certificate installed - we tend to buy our certificates from Thawte.
Mainly because they are automatically trusted by any browser we throw at them.
At this very moment in time we have the following servers secured with an SSL certificate:

mail.ourdomain.com
ftp.ourdomain.com
hr.ourdomain.com
cognidocs.ourdomain.com

If we were to buy a Thawte Wildcard SSL certificate, could we secure all of thse servers with the same certificate?

The write up on the wildcard certificate says that it can be used to secure subdomains in the form of *.ourdomain.com
However the 4 servers listed above are just that, servers and not subdomains per say.

Just looking at a cheaper way of securing our systems - just buying the one wildcard certificate is obviously cheaper than buying individual SSL certificates.

daz · 25 Feb 2009 at 14:04

I think the wildcard should be fine.

RapidSSL certificates (which you could buy per domain) are about $10 each though these days.

stoofa · 25 Feb 2009 at 14:52

Are they automatically trusted by all browsers?
I appreciate the process isn't too difficult to "install a certificate" onto a machine.
However with some of our users they like to use cyber cafe and the like for accessing their webmail and they always get "confused" when a warning pops up about non-trusted certificates.
That was the main reason we went the Thawte route to start with as all browsers automatically trust their issued certificates.

daz · 25 Feb 2009 at 15:01

Generally it follows the more expensive the certificate, the more compatible it is, so if ultra compatibility is important, go for the high-end one.

I think RapidSSL is supported by 99% of browsers. One big omission though is that it isn't recognised by Windows Mobile by default I believe.