wildcard SSL, is this a bad thing?



Do wildcard SSL certs have a bigger security risk?

We are building 4 new servers for our internal intranet staff directory.
We will have a c-name for each server.

This way we can point any c-name at any server for DR and maintenance outages.

The old system was to have an SSL cert for each server:
svr1.intranet.company.com
svr2.intranet.company.com
svr3.intranet.company.com
svr4.intranet.company.com

The problem is that if we re-point a c-name we will get an SSL cert mismatch.

My plan is to make each server use a wildcard SSL cert of *.intranet.company.com
I know my solution will solve the problem, but is it a security risk?
Is this a bad thing?

What security risks am I opening up?

Thanks
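Added example, not part of the original post: a simplified RFC 6125 style name check showing why the per-server certs fail after a c-name is re-pointed and which names the wildcard would cover. The host names svr1 to svr4 are from the post; "wiki", "a.b" and the multi-name certificate are constructed for comparison.

```python
# Added illustration (not the poster's code). A TLS client checks the
# certificate against the name it requested, not against the CNAME target.

def label_match(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a host name.

    Simplified RFC 6125 rule: '*' is accepted only as the whole left-most
    label and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, requested_host):
    """True if any name in the certificate matches the requested name."""
    return any(label_match(n, requested_host) for n in cert_names)


SERVERS = [f"svr{i}.intranet.company.com" for i in range(1, 5)]
WILDCARD = ["*.intranet.company.com"]


def repoint_results(cert_on_box):
    """Every svrN c-name is pointed at one box presenting cert_on_box.
    Returns {requested name: certificate accepted?}."""
    return {name: cert_covers(cert_on_box, name) for name in SERVERS}


if __name__ == "__main__":
    print("per-server cert:", repoint_results([SERVERS[0]]))
    print("wildcard cert:  ", repoint_results(WILDCARD))
    # Scope of the wildcard beyond the four servers (constructed names)
    for host in ("wiki.intranet.company.com",
                 "a.b.intranet.company.com",
                 "intranet.company.com"):
        print(f"{host:28} wildcard={cert_covers(WILDCARD, host)} "
              f"multi-name={cert_covers(SERVERS, host)}")
```

The wildcard is accepted for any single-label host under intranet.company.com, so one private key installed on all four servers vouches for every such name, while a certificate listing only the four names is accepted for those four alone.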
