I have Wild Card SSL Certificate and i need to implement it on multiple domains. on first it is being implemented and on second i have to implement. Is it possible that i can implement the same certificate on Two Domains. Domains are hitting the same IP Address, means hosted on same server. But having different Domains first is like: https://erp.example.com and Second is http://app.example.com. Both application are differently hosted on IIS.
Please suggest.
If the certificate is a *.example.com cert, then yes, you can. That is, after all, the whole point of a wild card certificate: to support any domain combination of the base domain.
We do it ourselves.
I'm unsure if that is your actual question though.
If you have enabled your Wildcard SSL certificate for your domain *.example.com then yes you can secure both subdomains erp (.dot) example.com and app (.dot) example.com.
Below resources will help you to install Wildcard SSL certificate on IIS server very easily:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO19990
https://www.clickssl.net/blog/how-to-install-wildcard-ssl-certificate-in-iis-7
You are questioning about two domains, but actually you have two sub-domains under single domain and if you already have Wildcard SSL certificate, your all sub-domains will be protected. Wildcard SSL issued on *.example.com will automatically secure unlimited number of sub-domains. It does not really matter your sub-domains are hosted on same server or differently, you can secure all with Wildcard Certificate.
What will be secured with single Wildcard SSL;
https://app.example.com
https://erp.example.com
https://anything.example.com
Ps: Wildcard certificate will help you secure sub-domain only first level.
Related
I have a domain(GoDaddy), say example.com and standard SSL certificate to protect it. The combo works fine to setup a secured website hosted in Apache2 at https://www.example.com
Can the same SSL certificate be used for more subdomains like https://api.example.com and https://learn.example.com?
Standard SSL certificate can only secure single domain name for example example.com but it can secure api.example.com, learn.example.com but for that you will have to purchase separate standard SSL certificate for each sub domain.
So in this case Wildcard SSL certificate will remain the best option to secure first level of unlimited sub domains of the main domain name (example.com) like api.example.com, learn.example.com,payment.example.com etc. etc.
If you want to protect multiple sub domains like https://api.example.com and https://learn.example.com, you need a wildcard SSL Certificate which can cover unlimited number of sub domains.
Additionally, if you want to protect both multiple domains or sub domains, you can use multi domain wildcard SSL Certificate.
Our site has a lot sub-domains which we all secure with a wildcard SSL certificate. Now we want to add an EV-SSL certificate for our www sub-domain to increase security and trust in our site. The other sub-domains still have to use the wildcard certificate.
The site is configured as a single site on IIS 7 with all sub-domains listed as http(s) bindings.
Is it possible in IIS 7 to use these two certificate types on one domain?
Yes, it is possible to have two different certificates for the same domain name with the help of SNI technology and need to binding your certificates during configuration.
You need to request EV SSL certificate for your example.com which will secure both versions of the domain as www and non-www.
For subdomains security, you can apply for Wildcard SSL certificate for *.example.com
References –
https://www.ssl2buy.com/wiki/server-name-indication-sni-use-multiple-ssl-on-a-single-ip
https://support.comodo.com/index.php?/Knowledgebase/Article/View/639/0/certificate-installation-microsoft-iis-7x
No, it is not possible that you can use two SSL certificate type for same domain name. Because SSL certificate is issued to FQDN (Fully Qualified domain name).
So you can't use two SSL certificate for same domain name.
For example,
If you are using wildcard ssl certificate for blog.xyz.com then you can't take EV SSL certificate for that same domain name.
I have one website will be accessed by multiple different domains and will have separate SSL certificates for each.
Is it possible?
IF no then Is there any work around to install multiple certificates for single web site?
Instead of having separate SSL certificate for each domain you can go for Multi domain certificate using Subject Alternative Names (SAN). It will be single certificate with multiple domains. Following image shows SAN certificate.
Image Courtesy : DigiCert
SSL Certificate can only be issued to a FQDN (fully qualified domain name).
You better have elaborated your question with examples. By the way, let me guess and try to answer. As you said “You have one website – will be accessed by multiple different domains” - if I'm not wrong your are talking about one website which may be www.domain.com and multiple domains may be sub-domains like, blog.domain.com, photos.domain.com or anything.domain.com. If I have hit bulls eye, you don't need to get different SSL Certificates because all this domain can be secured with single Wildcard SSL Certificate. Wildcard SSL works on asterisk, so it will issued on *.domain.com and anything in place of asterisk will be covered.
But make a note, Wildcard SSL can work only on single level so something like blog.photos.domain.com will not be secured if you have got certificate for *.domain.com
Different Scenario: If you have something like this, domain.com, domain.co.uk, domain.com.eu etc. and it can be secured with different certificates. It may be costly deal if you have 20-30 or more domains, ideally you can get one multi-domain certificate to secure all these. Visit this article which will help you understand difference between Wildcard SSL and SAN functionality more deeply.
I am trying to setup wildcard sub-domain. So my domain is www.mydomain.com so anything comes like this test.mydomain.com, welcome.mydomain.com will work, that is fine.
When it comes to SSL, if I am buying SSL for www.mydomain.com then will that same SSL certificate works for test.mydomain.com, welcome.mydomain.com? Since they are not real sub-domains just virtual.
If not do I need to buy wildcard SSL?
If I think technically all the wildcard sub-domains will point to same root folder and IP. From there using my code I will deliver different content. In that case my SSL certificate for www.mydomain.com will also work for test.mydomain.com right? I am not sure.
Any Guess?
NAME in the SSL certificate must exactly match domain name of the site. You need wildcard certificate. Non-wildcard will produce a wrong-site warning.
A co-worker told me that when you visit a website over SSL the certificate no longer guarantees that you're actually dealing with the intended recipient. This is due to something called "multi-domain SSL certificates". A quick google search seems to show these exist - but I was always under the impression SSL provided encryption and authentication. Is this no longer the case? Surely this is a step in the wrong direction?
There are wildcard certificates, which allow all hosts in one domain to be covered by the same cert. They're more expensive to get issued (since the CAs wouldn't make as much money as if you'd ordered multiple separate single-domain certs), but when you need to cover multiple hostnames in your domain with ssl, it can be quite a savings.
A properly issued cert will cover at LEAST one host name, like www.example.com. And with wildcarding, can cover *.example.com.
SSL by itself guarantees nothing in the way of identification - simply that the link is encrypted. Any certificate will do that for you - even self-signed ones. What you get with the "commercial" certs is a (theoretically) trustworthy third party saying "we've verified that the person who this www.example.com certificate was issused to really is www.example.com"
In addition to given answer, i would like to add few points about SAN (multidomain SSL). First of all, wildcard is not a multi-domain ssl, it only protects unlimited sub-domains as already explained by Marc.
To protect multiple domains like:
domain.net
domain.com
mail.domain.com
newdomain.com
you will require SAN certificates that start from just $60.
you can configure multi domain with SSL on both UBUNTU and REDHAT by following the document Multi domian with ssl