I had an interesting conversation with a bank IT security employee, and they raised a few questions.
What is the maximum strength/bit length of a wildcard domain certificate?
Are they as secure? (in the encryption sense)
You can make certificates pretty strong, however not all browsers support encryption that strong. 16384 bits is valid, though getting a commercial certificate authority to issue one is another matter.
Fundamentally, wildcard certs are no different from non-wildcard certs from a technical point of view; they just have a "*." in their subject line.
Update:
Based on your comment, the bank person you were talking to is of the opinion that the stream cipher is restricted to 40-bit for wildcard certificates. This is not the case. My old job uses a wildcard certificate for most of their web-presences, and a little work with openssl shows that the cipher on those certs is "RC4-MD5" which is a 128-bit cipher.
The 40-bit limit may have been a limit with other SSL suites in webservers, browsers, or certificate-authority infrastructures, but is no longer a limit.
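The following is an added example, not code from the original answer, that does the "little work with openssl" the answer refers to: it generates self-signed wildcard and non-wildcard certificates at two RSA sizes and confirms that the key length openssl reports for the certificate is independent of the "*." in the subject. It assumes an OpenSSL 1.1.1 or later binary on PATH (for `-addext`); `*.example.com`, `www.example.com` and the file names are placeholders. The `negotiated_cipher` function is the equivalent check against a live server and is defined but not run here, because it needs network access.

```shell
#!/bin/sh
# Added example (not from the original post). Shows that the RSA key size
# recorded in a certificate is chosen at key-generation time and has nothing
# to do with whether the subject is a wildcard. Assumes openssl >= 1.1.1.
set -eu

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# make_cert <out.pem> <subject CN> <rsa bits>
# Self-signed cert with the CN also carried in subjectAltName, as browsers
# require for name matching. Placeholder names only.
make_cert() {
    out=$1; cn=$2; bits=$3
    openssl req -x509 -newkey "rsa:$bits" -nodes -days 30 \
        -keyout "$out.key" -out "$out" \
        -subj "/CN=$cn" \
        -addext "subjectAltName=DNS:$cn" \
        >/dev/null 2>&1
}

# cert_key_bits <cert.pem>: print the RSA modulus size, e.g. 4096.
# The sed pattern matches both "RSA Public-Key: (N bit)" (1.1.1) and
# "Public-Key: (N bit)" (3.x).
cert_key_bits() {
    openssl x509 -noout -text -in "$1" \
        | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# cert_is_wildcard <cert.pem>: exit 0 if the subject CN starts with "*."
# (handles both "CN = *." and "CN=*." subject formats).
cert_is_wildcard() {
    openssl x509 -noout -subject -in "$1" | grep -q 'CN *= *\*\.'
}

# negotiated_cipher <hostname>: the cipher suite a live server picks for a
# TLS handshake, which is what the bank employee was really asking about.
# Needs network access, so it is not called below.
negotiated_cipher() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | sed -n 's/^ *Cipher *: *//p' | head -n 1
}

# Constructed test certificates: wildcard at two key sizes, and a plain
# host certificate at the larger size for comparison.
make_cert "$WORKDIR/wild2048.pem"  '*.example.com'   2048
make_cert "$WORKDIR/wild4096.pem"  '*.example.com'   4096
make_cert "$WORKDIR/plain4096.pem" 'www.example.com' 4096

for f in wild2048 wild4096 plain4096; do
    printf '%-10s key=%s bits  wildcard=%s\n' "$f" \
        "$(cert_key_bits "$WORKDIR/$f.pem")" \
        "$(cert_is_wildcard "$WORKDIR/$f.pem" && echo yes || echo no)"
done
```

Raising the `rsa:` argument to 16384 works the same way but key generation takes minutes; in practice the key size you can use is bounded by what a CA will sign and what clients will accept, not by the wildcard. The cipher suite, which is what "40-bit" refers to, is negotiated per connection from the server and client configuration and is never a property of the certificate, so `negotiated_cipher` against the same host will give the same answer whether the certificate behind it is wildcard or not.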
You also have to take into account how long the certificate is valid. The shorter the time span, the shorter the bit length of the certificate is. A wildcard certificate will rather be exposed on multiple sites, hence will receive more attention on the web.