Entrust SSL Certificates

• Why Entrust
  • Security
  • Service
  • Education
  • Subscription
  • Discovery
  • Customer Success
• Products

  SSL Certificates

  • EV Multi-Domain SSL
  • Advantage SSL
  • Standard SSL
  • UC Multi-Domain SSL
  • Wildcard SSL

  Signing Certificates

  • Adobe CDS Signing
  • Code Signing

  User Certificates

  • Personal Secure Email
  • Enterprise Secure Email

  Certificate Management

  • Certificate Management Service
  • Certificate Discovery

  Help Deciding

  • Subscription Comparison
  • Certificate Comparison
• Support

  Product Support

  • Installation Help
  • Frequently Asked Questions (FAQs)
  • Knowledge Base
  • Guides & White Papers
  • Order Tracking
  • SSL Install Check
  • CRL Checking
  • Revoke a Certificate
  • Supported Servers & Browsers
  • Root Certificate Downloads
  • Contact Support

  Additional Support

  • Glossary
  • Blog
  • Misuse Form
  • Legal Agreements
• Partners
  • Resellers
  • Web Hosters
  • Affiliates
• About Us
  • Fact Sheet
  • History
  • Executives
  • News and Events
  • Careers
  • Awards
  • Third-Party Validation
  • Contact Us
• My Account

• Contact Us
• Entrust.com
• 866-267-9297

• Phone
• Blog
• Email

• Security
  • Green Is Gold
  • CPS
  • OV vs DV
  • Wildcard Certificates
  • Unlimited Server Licenses
  • Elliptic Curve Cryptography
  • SHA-2
• Service
• Education
• Subscription
• CMS Authentication
• Discovery
• Customer Success

Safe Use of Multi-Server Digital Certificates

The practice of using a single certificate to protect multiple servers has become more common, because of the reduced cost of certificate acquisition, and the ease of management that it entails.

Risks

However, this practice necessitates exporting the key-pair from one machine and importing it into one or more other machines. The procedure necessarily entails a reduction in assurance, because the private key exists in multiple locations. At the same time, the value of that one private key is much greater because it protects more resources.

Attacks

There are two main attacks facilitated by multi-server certificates:

• Eavesdrop: where an insider has the ability to intercept user traffic
• Impersonation: an attacker impersonates a genuine resource in the domain

Properly managed, multi-server certificates can provide increased flexibility. However, they also increase the probability of eavesdrop and impersonation attacks. Entrust recommends using proper safeguards when deploying multi-server certificates. For a more detailed analysis, please read our white paper entitled, "The Safe Use of Wildcard & Multi-Server Certificates."