I have several certs from godaddy for subdomains like vpn.mysite.com and data-server.mysite.com. If I purchase a wildcard cert for *.mysite.com will my current certs become invalid and need replacing? Or can I use them til they expire then swap them out for the wildcard?
Related
We have purchased a valid wildcard SSL certificate from Entrust.
Let's say it is a wildcard certificate that covers *.ourcompany.com
I understand we can use this certificate directly on our web services.
Since, it'll be a lot of servers, we wanted to lock down a little bit the wildcard certificate.
Can we use this wildcard certificate to sign separate set of certificates for subdomains like service1.ourcompany.com, service2.ourcompany.com, etc. ? (without involving Entrust for each of those subdomains/ subservices).
Pros:
If one of those services gets compromised, it'll be limited to that service only ;
We don't have to reach out to Entrust for each of the subdomains (as there could be a lot of them) - also in terms of cost ..
In other words, I'm thinking if it's possible to treat a wildcard ssl cert as an "authority" to validate ssl certs in subdomains. (be part of SSL Certificate Chain)
Thank you.
I'm using certbot with letsencrypt to generate ssl certificates for a few subdomains on a few sites. The certs are generated using the --manual flag with a DNS challenge.
It's now time to renew a dozen or so certificates, is it possible to do this without changing the certificate body itself, or is the expiration date built into the certificate itself?
My goal is to manually renew a bunch of certs without having to redeploy the servers.
The expiration data is part of the certificate. Just look at the cert with a text editor and you will see this.
with longer expiration dates. If what you want to do was possible the expiration data would be worthless.
To get around this purchase certificates with longer validity.
Note: Effective March 1, 2018, CA/Browser Forum Baseline Requirements restrict the maximum validity of DV and OV SSL certificates to 825 days. The change goes into effect March 1, 2018 and affects all CAs and all types of SSL/TLS Certificates. See GlobalSign.
I have two websites/domains hosted on godaddy(vps) and I erroneously renewed SSL for the wrong domain. Is there a way I can undo this or transfer the SSLto the correct domain?
Contact GoDaddy and get them to revoke the certificate and re-issue you a new one. I dont think StackOverflow can help you in this regard - this is a GoDaddy Customer Service issue.
Once you buy an SSL Certificate for a domain, that domain name can't be replaced with another one. If you have purchased a Multi-Domain SSL certificate, then you can add the new domains as the SAN domain.
As you have reissue the SSL Certificate for the wrong domain, the only solution is.
Cancel your order and ask for refund to GoDaddy, then again reissue your SSL certificate for the domain name which you were actually wishing.
To begin let's say I have this configuration :
mywebsite.com is related on machine 0.0.0.1 (with ssl certificate)
cloud.mywebsite.com is related on machine 0.0.0.2 (without ssl certificate)
can I ask for a new SSL certificate for "cloud.mywebsite.com" or this will create issues because of domain/subdomain ?
Thanks for the response.
Instead of asking for a new SSL Certificate, you only need to get Wildcard SSL Certificate that will secure your main domain as well as its all sub-domains. For example:
If you get Wildcard SSL certificate for *mywebsite.com then it will secure,
https://cloud.mywebite.com
https://mail.mywebsite.com
https://photos.mywebsite.com
https://anything.mywebsite.com
So, you will not have to manage multiple SSL certificates for your main domain and its sub-domain. Wildcard SSL certificate will reduce the hassle of server administrators for multiple SSL management. I suggest you to read this article, which will give you clear understanding of Wildcard SSL Certificate.
For a single domain, can I have two different ssl certs from two different CAs, each cert has its own expiration date, and use them on different servers? Does the earlier cert automatically expire?
Thanks
Yes this would be fine. As far as the client is concerned changing certificates and IP addresses for domains is acceptable provided both certs have valid chains to trusted CA's.