I am using Jelastic Let's Encrypt add-on to configure SSL for my Jelastic environments. Everything works fine for a single domain or manual addition of subdomains. But while adding wildcard domain such as *.test.app, it doesn't accept this value and doesn't allow me to configure.
I have a domain from Porkbun which provides a Let's Encrypt SSL bundle that supports wildcard SSL out of the box but why can't I do the same thing in Jelastic? I have an app which needs to have subdomains created on the fly and adding new subdomain each time and updating the SSL is definitely not the efficient way. Is there any way I can add wildcard domains too?
Related
My site on openshift works with http and https prefix. Does it mean that https is allready set up properly so I do not need any additional steps to configure it there? Do I need any ssl sertificate for https?
As you mentioned in comments, you are using openshift v2.
Here you can use either custom rhcloud.com subdomain or use your own domain name.
All applications URL under rhcloud.com (say, example-username.rhcloud.com) use a shared SSL certificate. So, If you use rhcloud.com subdomain, you don't need to configure anything. They automatically provide *.rhcloud.com wildcard certificate.
To use HTTPS for your custom domain name (say, www.example.com) or alias, you need to upload your own certificate. To upload custom SSL certificate, You need to subscribe to a Premium plan. Free plan does not allow custom SSL certificate.
You can read more about how to set up custom domain, alias or SSL certificate, here. The previous documentation link is valid only for openshift v2.
I have developed a multi tenant app, using PHP and Apache. By default each client has a free subdomain like customer.app.com. But they can point their custom domain to the application, For this they needs to change the A record of their domain to point to the IP of the app.
One of our users, wants to use his custom ssl certificate, to run the app via https in his custom domain.
My question, is how i can make to allow all customers, can use their custom ssl certificate in their domains.
The only way to make this work is to make an entry into Apache for each subdomain, so it knows what certificate to load. You could make one giant .conf, or you could make one .conf per subdomain. Make sure you're using a version of Apache that supports Server Name Indication (Apache 2.2.12 or later), or you'll have to have an IP per certificate.
My main site https://example.com has an SSL cert, no problem.
Now, I have developped a related application, that is hosted on a completely different server, and under : app.example.com. It has a dedicated IP.
The app uses websockets and needs SSL to function properly acros all devices. But I'm having trouble finding out how to register a new certificate for a subdomain... What's the strategy here? Should I have a wildcard cert on the main server, and somehow redirect from there? In that case, the app server wouldn't have access to the cert, and I wouldn't be able to create my secure socket connection, right?
The certificate has to be installed where the server which provides content using this certificate. This means
That the certificate for the subdomain has to be used on all servers which serve the subdomain, i.e. your websocket server.
And nowhere else, i.e. it is not needed at the main domain just to provide a redirect from the main domain away.
You are free to use any certificate which matches the subdomain, that is it can be a wildcard certificate but can also be specific for only this domain.
You can go for a wild card certificate and bind it to all the URL's who share the same domain. But keep in mind, the wildcard certificates (irrespective of any brands) supports unlimited first level sub domains .
Wild card certificates can be installed on any server where the FQDN is hosted. In situations where the the sub domains are hosted on multiple servers, the wildcard certificate will work for all of them.
I am having a bit of trouble understanding how many ssl certificates I should get under specific conditions:
I have two pages the user is supposed to use (index and main) and all other scripts users don't access in the front end (e.g. uploadFile.php).
I have socket.io implemented in port x which I want to run over https protocol.
How many ssl certificates should I get under these conditions to assure secure data traffic? (is the data from all other php scripts still secure if index and main have ssl?)
SSL cert is issued for a specific DNS name. So if you run your PHP and Socket.io applications on the same domain, one cert is surely enough to secure both.
If you run your app on two different domains, you need to (a) use two separate regular certificates, or (b) have one SAN certificate (it secures multiple DNS names).
Also there is a wildcard certificate, it secures all direct subdomains of specified domain (*.some-site.com). It can be combined with SAN feature, so it can secure base domain some-site.com and direct subdomains as well.
IF your website is accessed via different website on https , then your website and the website through which its accessed needs to have their separate SSL certificate.
If your website does not have an ssl certificate , the connection will be dropped when your website link is accessed via other website.
We would like to setup an application on Windows Azure at abc.cloudapp.net which would have a CNAME record for www.mydomain.com pointing to it and then allow clients to do the same. Our application would then look at the requested URL and then pull out relevant data based on the requested domain (abc.theirdomain.com or www.theirotherdomain.com).
Our initial tests show that this should work, however the problem lies in that we need the site to be secure. So we'd like clients to be able to setup shared SSL certs with us that we would upload to our Azure subscription that then allowed them to create a CNAME record (abc.theirdomain.com or www.theirotherdomain.com) that points to either www.mydomain.com or abc.cloudapp.net.
Is this possible?
Edit: I'm not sure if this is the same question as Azure web role - Multiple ssl certs pointing to a single endpoint.
We've used a multi-domain certificate in this situation - see http://www.comodo.com/business-security/digital-certificates/multi-domain-ssl.php for details. This will work for up to 100 different top-level domains.
The problem with a multi-domain certificate is that it is more expensive than a "normal" certificate and that every time you add a new domain, you will have to deploy a new package with the updated certificate.
On the other hand, you could have multiple SSL certificates (one for each domain) and then the answer you seek is here Azure web role - Multiple ssl certs pointing to a single endpoint.
No, I don't think your setup would be possible with a single SSL cert. In general, SSL certs are tied to the hostname (e.g. foo.domain.com and foo.domain2.com need different certs). However, you can purchase a wildcard SSL cert that will help if you use the same root domain, but different subdomains (e.g. foo.domain.com and foo2.domain.com can share a wildcard cert).
So, in your case, since you are allowing different root domains, then you need a different SSL cert for each. If instead you choose to allow different sub-domains on same root domain, you can get away with the wildcard cert.