Wildcard Certificates and Client Authentication for Machine Authentication

If a wildcard certificate is provisioned for *.domain.fqdn, and has Client Authentication as a defined usage, does this mean the certificate can be used to essentially impersonate any domain machine?
My understanding is that it is up to th…

HTTPS IP devices and certificate best practices, why can’t I sign a certificate for my local ip device?

I have an IPv4 network behind a pfSense firewall at my small business. We have around 200 IP devices on the network. We have about 30 Axis IP cameras which have MJPG streams embedded into webpages as img tags. The webserver is internal and …

Are all web servers for a domain wildcard certificate supposed to have the same private key?

If I have three web servers that all have the same CSR based on a domain, *.domain.com, does that mean all the servers have the same private key? I know it’s a short question, but I am not sure of the SO answers I have read….
