Question
We are a small startup. One of our products is a B2B web service, accessible through its https://service.example.com canonical URL.
For testing purposes, that service also runs on different testing/staging/integration environments, such as https://test.service.example.com, https://integration.service.example.com, etc.
We also have collaborative tools such as a bug tracker or a wiki. They run also on machines provided by our hosting provider. Their URLs are e.g. https://wiki.example.com, https://bugs.example.com.
To keep things simple, we use a single certificate (for example.com), and have added all the URLs above as Subject Alternative Names to that same certificate. All our servers thus use the same certificate.
Is there any security issue in doing so that we should be aware of? If yes, what would have been the "correct" way of doing things?
Explanation / Answer
Using the same certificate does not in any way affect the fundamental security of the connection that is established using it.
The only possible "weakness" introduced by using the same certificate is that if that certificate expires or is leaked, all your sites will be affected. Since this certificate is on multiple servers, and some of them might be test servers with less security, there is the possibility that the private key of that certificate can be inadvertently leaked or exposed from one of these unchecked servers. This is certainly not a failure of the security provided by the certificate, but rather a failure in keeping the certificate's private key secret.
The alternative would be to use separate certificates for all your sites which would mean that you would have that administrative burden of having to renew, protect and monitor multiple certificates.
If you properly protect the private details of that one certificate there is no reason why using it would introduce any additional security concerns.
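The answer's point is that the risk of a shared SAN certificate is one of blast radius: every host that presents the same key has to be re-issued if that key leaks from any one of them. The following Go program is an added example, not part of the question or answer above. It builds self-signed test certificates with the standard library (the hostnames are the ones from the question; the certificates and keys are constructed in-process and are not the asker's), then groups the hosts an inventory of servers presents by public-key fingerprint so that the "one key, many hosts" layout shows up next to the "one key per host" layout. The `newCert`, `KeyFingerprint`, `Covers` and `BlastRadius` names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// newCert issues a self-signed certificate covering the given DNS names.
// Constructed for this example only; a real deployment gets its certificate from a CA.
func newCert(dnsNames []string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: dnsNames[0]},
		DNSNames:     dnsNames, // the Subject Alternative Names
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// KeyFingerprint hashes the SubjectPublicKeyInfo, which identifies the private key
// behind a certificate regardless of which hostnames the certificate lists.
func KeyFingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// Covers reports whether a client would accept this certificate for host,
// i.e. whether host matches one of its SANs.
func Covers(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

// BlastRadius takes the certificate each server presents (host -> cert) and returns,
// per key fingerprint, the sorted list of hosts that must be re-issued if that key leaks.
func BlastRadius(served map[string]*x509.Certificate) map[string][]string {
	out := map[string][]string{}
	for host, cert := range served {
		fp := KeyFingerprint(cert)
		out[fp] = append(out[fp], host)
	}
	for fp := range out {
		sort.Strings(out[fp])
	}
	return out
}

func main() {
	hosts := []string{"example.com", "service.example.com", "test.service.example.com",
		"integration.service.example.com", "wiki.example.com", "bugs.example.com"}

	// Layout 1: the question's setup, one certificate (and key) on every server.
	shared, _, err := newCert(hosts)
	if err != nil {
		panic(err)
	}
	oneKey := map[string]*x509.Certificate{}
	for _, h := range hosts {
		oneKey[h] = shared
	}
	fmt.Println("single SAN certificate:")
	for fp, hs := range BlastRadius(oneKey) {
		fmt.Printf("  key %s... -> %d hosts affected by a leak: %v\n", fp[:12], len(hs), hs)
	}

	// Layout 2: the alternative the answer mentions, one certificate per host.
	perHost := map[string]*x509.Certificate{}
	for _, h := range hosts {
		c, _, err := newCert([]string{h})
		if err != nil {
			panic(err)
		}
		perHost[h] = c
	}
	fmt.Println("one certificate per host:")
	for fp, hs := range BlastRadius(perHost) {
		fmt.Printf("  key %s... -> %d host affected by a leak: %v\n", fp[:12], len(hs), hs)
	}
}
```

Run against real servers, `served` would be filled from a `tls.Dial` to each host; keeping the map keyed by key fingerprint rather than by certificate serial matters, because a renewed certificate that reuses the old private key still shares the old blast radius.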