PKI Deployment: Best Certificate Type for Internet-Facing Website

Best Certificate Type for PKI Deployment on Internet-Facing Website

Prev Question Next Question

Question

A company wants to deploy PKI on its Internet-facing website.

The applications that are currently deployed are: -> www.company.com (main website) -> contactus.company.com (for locating a nearby location) -> quotes.company.com (for requesting a price quote) The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com.

Which of the following certificate types would BEST meet the requirements?

A.

SAN B.

Wildcard C.

Extended validation D.

Self-signed.

B.

Explanations

A company wants to deploy PKI on its Internet-facing website.

The applications that are currently deployed are: -> www.company.com (main website) -> contactus.company.com (for locating a nearby location) -> quotes.company.com (for requesting a price quote) The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com.

Which of the following certificate types would BEST meet the requirements?

A.

SAN

B.

Wildcard

C.

Extended validation

D.

Self-signed.

B.

The certificate type that would best meet the requirements of deploying PKI on the company's Internet-facing website, which includes the main website, locating nearby locations, requesting a price quote, and any future applications that follow the same naming conventions, is a Wildcard SSL certificate.

A Wildcard SSL certificate is a type of SSL/TLS certificate that can secure a primary domain and all its subdomains. It is designed to be used on websites that use a common naming convention for their subdomains. In this case, the company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Therefore, a Wildcard SSL certificate is the best option.

The SAN (Subject Alternative Name) certificate can also secure multiple domains and subdomains, but it requires adding each domain and subdomain to the certificate explicitly. Therefore, it would not be the best option for this scenario where the company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions.

The Extended Validation (EV) certificate is a higher level of SSL/TLS certificate that provides additional validation of the website's identity, but it is not necessary for this scenario where the company only wants to secure its Internet-facing website and its subdomains.

A self-signed certificate is a type of SSL/TLS certificate that is signed by the website owner, not by a trusted third-party Certificate Authority (CA). It is not suitable for an Internet-facing website because it will not be recognized as a trusted certificate by web browsers, and users will see a security warning when they visit the website.

In conclusion, a Wildcard SSL certificate is the best option for the company to deploy PKI on its Internet-facing website and all its subdomains.