SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


What are limitations of Wildcard or OmniDomain certificates?

  • The wildcard character only replaces characters from 0 to 9 and from A to Z and dash (equivalent to [0-9A-Za-z\-]+)

  • The wildcard certificate works well for IIS except that the points are not taken into account in the star by Internet Explorer. This is a choice of Microsoft and the RFC 2818. The Mozilla family of tools was more tolerant than the norm, until Firefox 3.0.13 (NSS 3.12.3), which joins the commonly accepted operation of other browsers.


  • There is a limitation of ISA Server 2004 that allows to accept HTTPS requests on a wildcard certificate but the ISA server itself cannot initiate an HTTPS connection to an IIS server with a wildcard certificate. This works in ISA Server 2006.

  • Microsoft LCS (live communication server), Microsoft Office Communication Server and Lync (before version 2013) products that use SSL certificates do not allow the use of wildcard certificates.

  • Activesync only works with wildcards starting from Microsoft Mobile 6 (WM 3, 4, and 5 do not work with wildcards). A standard certificate is required.

  • Some mobile devices (cellphones) do not handle * character and display an error when checking the certificate.

  • Windows Mobile 5 does not support Wildcard certificates (no brand). On the other hand Windows Mobile 6 supports them

  • If you are using RPC over HTTPS, you'll need to set-up outlook, see RPC over HTTPS and ISA 2006 and Wildcard

  • You may encounter issues when using Wildcard certificates with Microsoft IIS 6 SP1 and IIS7

  • Barracuda Spam Firewalls can only create a certificate with a name that matches the server name. Technically, you can work around this issue by naming your server in the *.domain.com format.
The following servers can not handle Wildcard certificates:
  • Novell iChain 2.3 SP3
  • Oracle Wallet Manager (previous versions to 11g)
  • Aventail (before its version 10.5)

What are the drawbacks of Wildcard or Omnidomains certificates?

  • the security: should a server hosting such a certificate be compromized, the other servers using that same certificate may be endangered as well (same private key).
  • the management: should a Wildcard or Omnidomain certificate be revoked, you'll have to remove it from all the servers that are using it.
  • The compatibility: to prevent issues you need to consider that the star only replaces one domain level.


Useful links