Comment by silvestrov
3 years ago
> perfect use case for wild card certs

I don't like distributing wild card certs as you then have a bigger problem if the cert is leaked.
When the cert is host specific you immediately know where the leak comes from and the scope of the leak is restricted.
Yes, the scope of the leak would be limited. But if a privkey.pem file from one of the hosts of my network is leaked, how do I “immediately” know which host the leak came from?
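
One way to answer the question above, as an added example that is not part of the original thread: derive the public key from the leaked `privkey.pem` and compare its fingerprint against the public key in each host's certificate. The inventory layout (one `<hostname>.pem` certificate per host), the function names, and the generated sample data are assumptions made for the example; it needs the `openssl` CLI.

```bash
#!/usr/bin/env bash
# Assumed layout (hypothetical): <inventory>/<hostname>.pem, one cert per host.

# Read a PEM public key on stdin, print the SHA-256 of its DER (SPKI) encoding.
spki_hash() {
    openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Fingerprint of the public half of a private key file (e.g. privkey.pem).
key_fingerprint() {
    local pub
    # -passin pass: makes an encrypted key fail instead of prompting.
    pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | spki_hash
}

# Fingerprint of the public key embedded in a certificate.
cert_fingerprint() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | spki_hash
}

# Print each host whose certificate matches the leaked key.
# Exit status: 0 = match found, 1 = no match, 2 = key unreadable.
find_leak_source() {
    local leaked="$1" inventory="$2" want cert status=1
    want=$(key_fingerprint "$leaked") || return 2
    for cert in "$inventory"/*.pem; do
        [ -f "$cert" ] || continue
        if [ "$(cert_fingerprint "$cert")" = "$want" ]; then
            basename "$cert" .pem
            status=0
        fi
    done
    return "$status"
}

# Constructed sample data: a throwaway key and self-signed cert for one host.
make_demo_host() {  # usage: make_demo_host <dir> <hostname>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/keys/$2.key" -out "$1/certs/$2.pem" 2>/dev/null
}

# Command-line use: script.sh <leaked-key> <inventory-dir>
if [ "$#" -eq 2 ]; then find_leak_source "$1" "$2"; fi
```

If the same wildcard key pair is deployed to several hosts, every one of them matches and the lookup no longer narrows down the source.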