Changes

* Sharing the same private key (certificate) among multiple web servers may introduce additional vulnerabilities that will need to be properly mitigated.

* Sharing the same private key (certificate) among multiple web servers may introduce additional vulnerabilities that will need to be properly mitigated.

* Compromise through theft of the private key (certificate) would allow an attacker to establish rogue websites that will appear to belong to the domain protected by the wildcard certificate.

* Compromise through theft of the private key (certificate) would allow an attacker to establish rogue websites that will appear to belong to the domain protected by the wildcard certificate.

* Compromise of the private key renders all TLS sessions protected by that private key vulnerable; the use of a cipher suite supporting Perfect Forward Secrecy is recommended to avoid this issue.

* Compromise of the private key renders all TLS sessions protected by that private key vulnerable; the use of a cipher suite supporting [https://wiki.gccollab.ca/GC_HTTPS_Everywhere/Implementation_Guidance#Perfect_Forward_Secrecy_.28PFS.29 Perfect Forward Secrecy] is recommended to avoid this issue.

<br>

<br>

GC Website owners must ensure appropriate risk mitigation measures are in place to minimize the risk of private key compromise.  

GC Website owners must ensure appropriate risk mitigation measures are in place to minimize the risk of private key compromise.