No hits on the net about this, so I'll pick the MUUG brains instead:
I just bought a new cheapo cert using the newly-acquired-by-GeoTrust-who-then-got-acquired-by-Symantec (I think; it's confusing) RapidSSL. I'm a fine-print reader... and the confirmation email lists the terms I must accept and this one surprised me:
2. RapidSSL may issue SSL/TLS certificates for sites including one of the domain names above as the leftmost label.
Huh? What does that even mean? The more I thought about it, the more it sounded suspiciously like they are saying they can issue a cert *to someone else* (or themselves) like tecnopolis.otherdomain.com? I'm not even sure that makes sense. Maybe I'm reading it incorrectly.
Maybe they're just saying they could issue tecnopolis.us to someone else? If so, why even mention that; it goes without saying. No other cert vendor I've dealt with has bothered to stipulate that before.
Can anyone else decipher this verbiage? Thanks!
On Wed, 20 Dec 2017, Trevor Cordes wrote:
> No hits on the net about this, so I'll pick the MUUG brains instead:
> I just bought a new cheapo cert using the newly-acquired-by-GeoTrust-who-then-got-acquired-by-Symantec (I think; it's confusing) RapidSSL. I'm a fine-print reader... and the confirmation email lists the terms I must accept and this one surprised me:
> - RapidSSL may issue SSL/TLS certificates for sites including one of the domain names above as the leftmost label.
> Huh? What does that even mean? The more I thought about it, the more it sounded suspiciously like they are saying they can issue a cert *to someone else* (or themselves) like tecnopolis.otherdomain.com? I'm not even sure that makes sense. Maybe I'm reading it incorrectly.
> Maybe they're just saying they could issue tecnopolis.us to someone else? If so, why even mention that; it goes without saying. No other cert vendor I've dealt with has bothered to stipulate that before.
> Can anyone else decipher this verbiage? Thanks!
I think they are saying (warning) customers that if they give me a cert for daryl.ca then they can also give a cert for some other entity daryl.ca.cx just to avoid legal hassles and help customers avoid not-so-helpful browsers that will tack .com on the end of a domain if the DNS lookup fails. So if I am running the DNS authority for daryl.ca and it doesn't respond then dark forces could have a near replica at daryl.ca.com for whatever nefarious reasons.
-Daryl