Standard SSL to protect multiple subdomains - ssl-certificate

I have a domain(GoDaddy), say example.com and standard SSL certificate to protect it. The combo works fine to setup a secured website hosted in Apache2 at https://www.example.com
Can the same SSL certificate be used for more subdomains like https://api.example.com and https://learn.example.com?

Standard SSL certificate can only secure single domain name for example example.com but it can secure api.example.com, learn.example.com but for that you will have to purchase separate standard SSL certificate for each sub domain.
So in this case Wildcard SSL certificate will remain the best option to secure first level of unlimited sub domains of the main domain name (example.com) like api.example.com, learn.example.com,payment.example.com etc. etc.

If you want to protect multiple sub domains like https://api.example.com and https://learn.example.com, you need a wildcard SSL Certificate which can cover unlimited number of sub domains.
Additionally, if you want to protect both multiple domains or sub domains, you can use multi domain wildcard SSL Certificate.

Related

NET::ERR_CERT_COMMON_NAME_INVALID - www to non-www with ssl and sub-domains [duplicate]

I bought a wildcard certificate for *.example.com. Now, I have to secure *.subdomain.example.com. Is it possible to create a sub-certificate for my wildcard-certificate?
If it is, how I can do this?
No, it is not possible. A wildcard inside a name only reflects a single label and the wildcard can only be leftmost. Thus *.*.example.org or www.*.example.org are not possible. And *.example.org will neither match example.org nor www.subdomain.example.org, only subdomain.example.org.
But you can have multiple wildcard names inside the same certificate, that is you can have *.example.org and *.subdomain.example.org inside the same certificate.
It is impossible to secure multi-level subdomains with a single wildcard certificate. If wildcard certificate issued for *.mydomain.tld, so it can secure only first-level subdomains of *.mydomain.com.
To secure your second-level subdomains, you have two choices.
Purchase another wildcard certificate for *.sub1.mydomain.tld. In that case, you need to manage two individual wildcard certificates.
You can go with a multi-domain wildcard certificate, where you can add up to 100 multiple domains or subdomains.
For example,
*.mydomain.tld
*.sub1.mydomain.tld
*.sub2.mydomain.tld
*.anydomain.com
It will secure your multiple domains and multi-level subdomains and reduce your hassle from multiple certificate management.
As per 7 year old article at https://www.digicert.com/news/2010-9-1-new-wildcard-features/ :
DigiCert Wildcard Plus certificates can secure any subdomain using
subject alternative names (SANs). A traditional wildcard certificate
for *.example.com will only secure a first-level subdomain of
example.com such as mail.example.com. DigiCert’s Wildcard Plus
certificate uses SANs to secure any subdomain of example.com,
including multi-level subdomains such as mail.internal.example.com.
With this new feature, all subdomains can be secured with a single
Wildcard Plus certificate from DigiCert. The base domain itself,
example.com, is automatically included as a SAN in every Wildcard Plus
certificate as well, which increases compatibility and protects
example.com with or without the “www.”
No, You can't create sub-certificate for your wildcard.
-> Your wildcard Certificate is for *.mydomain.tld, so as per Wildcard SSL guideline you can secure first level sub-domains. Means anything.mydomain.tld can be secured.
-> But if you want to use it to secure *.subdomain.mydomain.tld, which is for second level sub-domains, but wildcard certificate cant secure second level sub-domains.
Solution
-> You need to buy one more wildcard SSL Certificate for your second level sub-domain *.subdomain.mydomain.tld

IIS 7- Can I combine EV SSL with Wild card certificates?

Our site has a lot sub-domains which we all secure with a wildcard SSL certificate. Now we want to add an EV-SSL certificate for our www sub-domain to increase security and trust in our site. The other sub-domains still have to use the wildcard certificate.
The site is configured as a single site on IIS 7 with all sub-domains listed as http(s) bindings.
Is it possible in IIS 7 to use these two certificate types on one domain?
Yes, it is possible to have two different certificates for the same domain name with the help of SNI technology and need to binding your certificates during configuration.
You need to request EV SSL certificate for your example.com which will secure both versions of the domain as www and non-www.
For subdomains security, you can apply for Wildcard SSL certificate for *.example.com
References –
https://www.ssl2buy.com/wiki/server-name-indication-sni-use-multiple-ssl-on-a-single-ip
https://support.comodo.com/index.php?/Knowledgebase/Article/View/639/0/certificate-installation-microsoft-iis-7x
No, it is not possible that you can use two SSL certificate type for same domain name. Because SSL certificate is issued to FQDN (Fully Qualified domain name).
So you can't use two SSL certificate for same domain name.
For example,
If you are using wildcard ssl certificate for blog.xyz.com then you can't take EV SSL certificate for that same domain name.

Can i implement Wild card SSL certificate on Two Domains?

I have Wild Card SSL Certificate and i need to implement it on multiple domains. on first it is being implemented and on second i have to implement. Is it possible that i can implement the same certificate on Two Domains. Domains are hitting the same IP Address, means hosted on same server. But having different Domains first is like: https://erp.example.com and Second is http://app.example.com. Both application are differently hosted on IIS.
Please suggest.
If the certificate is a *.example.com cert, then yes, you can. That is, after all, the whole point of a wild card certificate: to support any domain combination of the base domain.
We do it ourselves.
I'm unsure if that is your actual question though.
If you have enabled your Wildcard SSL certificate for your domain *.example.com then yes you can secure both subdomains erp (.dot) example.com and app (.dot) example.com.
Below resources will help you to install Wildcard SSL certificate on IIS server very easily:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO19990
https://www.clickssl.net/blog/how-to-install-wildcard-ssl-certificate-in-iis-7
You are questioning about two domains, but actually you have two sub-domains under single domain and if you already have Wildcard SSL certificate, your all sub-domains will be protected. Wildcard SSL issued on *.example.com will automatically secure unlimited number of sub-domains. It does not really matter your sub-domains are hosted on same server or differently, you can secure all with Wildcard Certificate.
What will be secured with single Wildcard SSL;
https://app.example.com
https://erp.example.com
https://anything.example.com
Ps: Wildcard certificate will help you secure sub-domain only first level.

EV SSL on main domain and Wildcard SSL for subdomains

Can I have EV SSL for my main domain (say www.example.com) and Wilcard SSL for my subdomains (say eb1.example.com, eb2.example2 etc)?
If yes, then can you please let me know how to configure it?
If not, then please suggest me alternate methods.
All the subdomains and the domain will be hosted on Amazon and will have one IP.
Yes, you can purchase an EV SSL Certificate for your main domain and wildcard SSL certificate for the sub domain names.
Please ensure that the Main domain has a dedicated IP Address and it is not shared with the sub domains.
You can have use multiple certificates at the same time which overlap in the subjects like in your case. To have multiple certificates for the same IP address the serve and client must support SNI. Most modern server and browsers do. But older browser like IE8 on XP do not and support within non-browser application is mixed.

Wildcard SSL - Do I need another SSL for subsubdomain.subdomain.domain.com?

I'm not sure if I could word it right. I know that Wildcards SSLs will support any amount of subdomains in a domain. But does it also support subdomains of already existent subdomains?
I'm about to buy a wildcard SSL but I need to have this kind of setup: subsubdomain.subdomain.domain.com
Will I need more certificates or will only one wildcard certificate be enough?
Thanks.
Yes wildcards can support sub domains of already existent sub domains, but there are different criteria to secure your domain and sub domains and multi level sub domains.
First: If you only need to secure your *.subdomain.domain.com
In this case you can secure your all sub domains with single Wildcard SSL. CSR require to be generated on subdomain.domain.com – Wildcard SSL will only work with this condition.
The caveat to choosing wildcard ssl to secure your multi level sub domain is it will not cover your top level domain. If someone tries to access your https://domain.com then they will find domain name mismatch error in web browser.
Second: If you want to secure your entire website.
Including all of the following:
domain.com (top level domain)
*.domain.com (sub domain)
*.*.domain.com (sub sub domain)
You need to secure your whole website with single UCC/SAN Certificate. It will help you to secure all above conditional webpages with the use of Subject Alternative Name (SAN) certificate.
Hope now you understand what to do. Know your business needs perfectly and choose the certificate.