1

Topic: Multidomain certificate SSL

Whether it is possible to use multidomain SSL on different physical servers Where it to buy more cheaply? Free in a fire chamber.

2

Re: Multidomain certificate SSL

Hello, telavi, you wrote: whether t> It is possible to use multidomain SSL on different physical servers Yes. And why there were doubts? t> where it to buy more cheaply? Free in a fire chamber. Why? They than do not differ inside.

3

Re: Multidomain certificate SSL

Hello, Anton Batenev, you wrote: AB> Hello, telavi, you wrote: whether t>> It is possible to use multidomain SSL on different physical servers AB> Yes. And why there were doubts? Then it was possible all swung one certificate with  and . t>> Where it to buy more cheaply? Free in a fire chamber. AB> why? They than do not differ inside. The root certificate has been compromised also sites did not open in half of browsers.

4

Re: Multidomain certificate SSL

Hello, telavi, you wrote: whether t> t>> It is possible to use multidomain SSL on different physical servers t> AB> Yes. And why there were doubts? t> then it was possible all swung one certificate with  and . Not so understood... t> t>> Where it to buy more cheaply? Free in a fire chamber. t> AB> why? They than do not differ inside. t> the Root certificate has been compromised also sites did not open in half of browsers. Speech about Chineses how I understand? Now the big propagation received Let'sEncrypt - automatically, free of charge, are supported by giants of the industry, in doubtful frauds it is noted.  on Yandex. A disk

5

Re: Multidomain certificate SSL

Hello, Anton Batenev, you wrote: AB> Let'sEncrypt [...] In doubtful frauds it is noted. Let's Encrypt produced 14 766 certificates for phishing PayPal... <<RSDN@Home 1.3.108 alpha 5 rev. 56>>

6

Re: Multidomain certificate SSL

Hello, _Raz _, you wrote: AB>> Let'sEncrypt [...] in doubtful frauds it is noted. _R _> Let's Encrypt produced 14 766 certificates for phishing PayPal And the factory of kitchen knifes can be accused of murders. And upon, the industry told lies about safety, arranged because of it , forcing owners of sites to pass on HTTPS, and now gets out that  security SSL, protects at all from from what promised.

7

Re: Multidomain certificate SSL

Hello, Anton Batenev, you wrote: t>> Then it was possible all swung one certificate with  and . AB> Not so understood... I think, means wildcard a type "*.com" "*.ru"

8

Re: Multidomain certificate SSL

9

Re: Multidomain certificate SSL

10

Re: Multidomain certificate SSL

Hello, guycaesar, you wrote: G> What purposes except phishing can pursue these certificates? For example, a host in backend for reception of payments from this most paypal.

11

Re: Multidomain certificate SSL

Hello, Stanislaw K, you wrote: SK> t>> Then it was possible all swung one certificate with  and . SK> AB> Not so understood... SK> I think, means wildcard a type "*.com" "*.ru" And, well even if to assume that someone produced wildcard the certificate on TLD the domain and then it laid out on  the meaning in usage HTTPS is lost.

12

Re: Multidomain certificate SSL

Hello, _Raz _, you wrote: R> AB> Let'sEncrypt [...] in doubtful frauds it is noted. R> Let's Encrypt produced 14 766 certificates for phishing PayPal And at what here Let's Encrypt? They correctly write: "to track cybercriminality and to catch swindlers - not their business. At PayPal in addition EV the certificate which LE does not produce.

13

Re: Multidomain certificate SSL

Hello, Ops, you wrote: Ops> And upon, the industry told lies about safety, arranged because of it , forcing owners of sites to pass on HTTPS, and now gets out that  security SSL, protects at all from from what promised. HTTPS protects from MITM (and only from it). Someone promised something another?

14

Re: Multidomain certificate SSL

Hello, Anton Batenev, you wrote: AB> HTTPS protects from MITM (and only from it). Someone promised something another? Aha, esteem under the link. To all suggested that  the label near to the address - means safely, without explaining that it means "safely".

15

Re: Multidomain certificate SSL

Hello, Anton Batenev, you wrote: AB> And at what here Let's Encrypt? Their distinctive singularity allowed to register phishing certificates in large quantities. There would be no this singularity - there would be no mass registration. AB> they Here to cost not to forget that they - simply tool for pushing through https. And for the senior Google which for a long time any more the corporation is kind. https it would be not interesting to Google, would not be and Let's Encrypt. AB> correctly write: It from the technical point of view correctly, but after all they declare that all becomes for safety of the user, and give the tool used for phishing. AB> "to track cybercriminality and to catch swindlers - not their business. So start up Safe browsing close - too after all not their business. And it is even better itself Let's Encrypt to close - did not put googling to solve on what protocols a web should work. AB> At PayPal in addition EV the certificate which LE does not produce. A kindergarten. I in a small house... . <<RSDN@Home 1.3.108 alpha 5 rev. 56>>

16

Re: Multidomain certificate SSL

Hello, Stanislaw K, you wrote: AB>>> Let'sEncrypt [...] in doubtful frauds it is noted. SK> well for phishing, and ? Well norms, ... <<RSDN@Home 1.3.108 alpha 5 rev. 56>>

17

Re: Multidomain certificate SSL

Hello, Ops, you wrote: Ops> And upon, the industry told lies about safety, arranged because of it , forcing owners of sites to pass on HTTPS, and now gets out that  security SSL, protects at all from from what promised. It completely agree, but with the small note - not the industry, and Google.... <<RSDN@Home 1.3.108 alpha 5 rev. 56>>

18

Re: Multidomain certificate SSL

Hello, _Raz _, you wrote: _R _> it completely agree, but with the small note - not the industry, and Google. Well and who else sets the fashion? Here what for it this https it is absolute everywhere, I cannot understand: in places it is more likely necessary, but other places, for example, on sites-cut-aways, it is absolutely not necessary.

19

Re: Multidomain certificate SSL

Hello, _Raz _, you wrote: _R _> So start up Safe browsing close - too after all not their business. And it is even better itself Let's Encrypt to close - did not put googling to solve on what protocols a web should work. How it helps? They without https reduce retrieval output of sites.

20

Re: Multidomain certificate SSL

Hello, Ops, you wrote: Ops> As it helps? They without https reduce retrieval output of sites. I spoke about sequence of their position - if  from "to track cybercriminality" start up all services are not engaged in it, including Safe Browsing.... <<RSDN@Home 1.3.108 alpha 5 rev. 56>>

21

Re: Multidomain certificate SSL

Hello, Anton Batenev, you wrote: SK>> I think, means wildcard a type "*.com" "*.ru" AB> And, well even if to assume that someone produced wildcard the certificate on TLD the domain and then it laid out on  the meaning in usage HTTPS is lost. So about that and speech that is not a lot of sense. The malefactor registers the left domain (in the example resulted above from  paypal.notification.yaraneaftab.zzzz), receives on it the certificate and entices "the normal user" (). The normal user sees green  in a line of the browser, relaxes and gives the data "not to those hands". To compare paypal.com with false "paypal.notification.yaraneaftab.zzzz" at "the normal user" () even ideas does not arise. MITM it is carried out, the certificate is useless. Well unless the casual administrator casual public  does not intercept accessories (login/password)  from important sites.

22

Re: Multidomain certificate SSL

23

Re: Multidomain certificate SSL

Hello, Stanislaw K, you wrote: SK> to Compare paypal.com with false "paypal.notification.yaraneaftab.zzzz" at "the normal user" () even ideas does not arise. MITM it is carried out, the certificate is useless. Only it not MITM, and phishing. HTTPS protects from MITM, but does not protect from phishing. With phishing with variable success other technologies but if the user resolved to leave money its already any technologies do not stop try to struggle.

24

Re: Multidomain certificate SSL

Hello, Anton Batenev, you wrote: SK>> to Compare paypal.com with false "paypal.notification.yaraneaftab.zzzz" at "the normal user" () even ideas does not arise. MITM it is carried out, the certificate is useless. AB> only it not MITM, and phishing. HTTPS protects from MITM, but does not protect from phishing. With phishing with variable success other technologies try to struggle, I think, the phishing site (if wants  more than the data) often appears (not) simple  a page, so, in a web, between phishing and MITM an edge too thin. AB> but if the user resolved to leave money its already any technologies do not stop. It is not clear to stop it what for. The person has the full legitimate right to dispose of the money. Fortunately https to it in any way does not hinder.

25

Re: Multidomain certificate SSL