SSL compatibility list
There are on the marked now several types of SSL certificates. With he growth of encrypted communication certificates can be expensive and complicated to implement. And as there are some compatibility issues with some of these certificates you need to know when to use one over the other.
Kind of SSL certificates
Here is the most important types of SSL certificates. It is also important to choose the right issuer for your certificates. Read here why it is important to choose the right issuer.
Also note that some platforms (mostly mobile) seem to have problems with certificate chaining. Chaining is the process where one issuer issues an intermediate certificate to another issuer who then issues a certificate to you. I have not verified this myself, but read about it on the net.
SSL certificate
This is the most common certificate in use today. You buy one certificate for each host header (the name that is displayed in your browser).
This type of certificate have been on the marked for many years now.
EV SSL certificate
This type of certificate is not covered here in detail, but it is a normal certificate with a green address bar. This certificate is pushed out on the marked now as the new, more secure certificate.
The certificate is by it self not more secure when it comes to encryption, but it is harder to get this type of certificate. EV stands for Extended Validation - and it is the validation of the purchaser of the certificate.
Wildcard SSL
With this certificate you buy one for your organization, that is for each hostname under a given domain name. The certificate "*.helge.net" can be used to encrypt both the sites blog.helge.net and www.helge.net with one certificate.
Not all browsers support wildcard certificates.
SAN certificate
Subject Alternate Names is a kind of certificate that became popular with the introduction of Exhcange Server 2007. With this kind of certificate you add have 5 different (and disjoined) host names in the certificate. One name is the common name and the others are the alternate names.
I could buy a certificate with the following host names included:
- www.helge.net
- www.blogger.com
- blog.helge.net
And (if all sites were running on the same server) then encrypt all sites with one certificate.
Not all browers can read the alternate names. But all browsers can read the common name.
UC SAN certificate
This certificate is an variant of the SAN certificate that has no limitations on the number of alternate names. So I can have as many names as I want in the certificate.
But only one common name.
Not all browers can read the alternate names. But all browsers can read the common name.
Wildcard SAN certificate
In this certificate you can have a wildcard name in the common name and 4 alternate names in the same certificate.
Compatibility list
| Cert | IE6 | IE7 | WM5 | WM6 | Symbian (Nokia) |
|---|---|---|---|---|---|
| Std. cert | |||||
| EV SSL | No green bar | No green bar | |||
| Wildcard | |||||
| SAN / UC SAN | |||||
| Wildcard SAN | |||||
Sources
- Certificate improvements in Windows Mobile 6
- Subject Alternate names compatibility as seen by Digicert.
- Certificates for Windows Mobile 5.0 and Windows Mobile 6 from the Technet.
- Nokia support talk regarding SAN certs
Labels: web
posted by Helge Olav Helgsen @ 10:52
0 comments
links to this post
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home