Wildcard-certificates can lead to additional security issues.
A wildcard-certificate is a certificate in which one of the possible server names contains the asterisk symbol “*”. This is defined in the RFC 2818 specification, section 3.1. If the server certificate contains the name «*.example.com», then clients will accept it as a valid certificate for any server whose name matches the pattern.
The certification business involves four major participants:
- The provider of the web browser used by the client
- The user, who can control to a certain extent what the client’s browser does
- A certification authority that issues the certificates for the server
Wildcard-certificates themselves do not create additional vulnerabilities for the SSL server. In fact, the SSL server does not check its own certificate. The certificate exists for the clients, so that they can be sure that the public key included in the certificate really is the public key of the SSL server. The SSL server knows its own private and public key pair and therefore does not need to be convinced.
End users are not aware of the public key. They can see only a padlock icon in the browser and, more importantly, the server name, which is the name that comes after the https and before the first closing slash. The web browser should handle the technical details of deciding which name is correct. This includes validating the server certificate and checking that the domain name matches the name specified in the certificate. If the browser does not do this, it can even lead to legal consequences. In addition, the CA must follow defined procedures to identify the owners of SSL servers, so that attackers have a hard time obtaining fake certificates.
The user should not be deceived by fake websites which look like the real ones. The boundary between the user’s work and the work of browsers and CAs is not obvious, and it has shifted historically. In the past decade, web browsers simply displayed the raw URL, and the user had to find the server name in it. As a result, fake URLs created for phishing were frequently used by fraudsters.
Wildcard-certificates could reduce the effectiveness of measures to curb fraud. They may have the same effect as a blank signature from the certification authority. If phishing with wildcard-certificates becomes more common, it is likely that the following measures will be taken:
- Browsers will highlight only the portion of the domain name that corresponds to the non-wildcard elements in the certificate.
- Certification authorities will require more paperwork and contracts before issuing wildcard-certificates (and they will be more expensive).
- Browsers will disable support for wildcard-certificates as a rule.
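
The matching rule from RFC 2818 section 3.1 and the first measure in the list above (highlighting only the non-wildcard part of the name) can be shown together in code. This is an added example, not part of the original article; it assumes a simplified reading in which "*" matches within a single DNS label, and `match_hostname` and `vouched_part` are hypothetical helper names.

```python
def _label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label against a pattern label holding at most one '*'."""
    if not label:
        return False                      # empty labels are never valid
    if "*" not in pattern:
        return pattern == label
    prefix, _, suffix = pattern.partition("*")
    if "*" in suffix:
        return False                      # more than one '*' in a label: reject
    return (len(label) >= len(prefix) + len(suffix)
            and label.startswith(prefix)
            and label.endswith(suffix))


def _labels(name: str) -> list:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def match_hostname(pattern: str, hostname: str) -> bool:
    """True if hostname matches the certificate name label by label.

    Assumption: '*' never spans a dot, so '*.a.com' matches 'foo.a.com'
    but not 'bar.foo.a.com' (the examples given in RFC 2818 section 3.1).
    """
    p, h = _labels(pattern), _labels(hostname)
    return len(p) == len(h) and all(
        _label_matches(pl, hl) for pl, hl in zip(p, h))


def vouched_part(pattern: str, hostname: str):
    """Return the part of hostname fixed by non-wildcard certificate labels.

    This is the portion a browser could highlight: everything to the right
    of the last wildcard label. Returns None when the name does not match.
    """
    if not match_hostname(pattern, hostname):
        return None
    p, h = _labels(pattern), _labels(hostname)
    last_wild = max((i for i, pl in enumerate(p) if "*" in pl), default=-1)
    return ".".join(h[last_wild + 1:])


if __name__ == "__main__":
    # Constructed sample names, not taken from the article.
    for host in ("login.example.com", "a.b.example.com", "example.com"):
        print(host, "->", vouched_part("*.example.com", host))
```

For a matching name, the certificate says nothing about the label that the wildcard absorbed; only the returned suffix was actually verified by the CA.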
It is worth noting that wildcard-certificates often have a shared pair of keys for different domain names. The private key can be shared across multiple servers. This is a potential security risk, because the more servers the private key is copied to, the less private it becomes.