To begin let's say I have this configuration :
mywebsite.com is related on machine 0.0.0.1 (with ssl certificate)
cloud.mywebsite.com is related on machine 0.0.0.2 (without ssl certificate)
can I ask for a new SSL certificate for "cloud.mywebsite.com" or this will create issues because of domain/subdomain ?
Thanks for the response.
Instead of asking for a new SSL Certificate, you only need to get Wildcard SSL Certificate that will secure your main domain as well as its all sub-domains. For example:
If you get Wildcard SSL certificate for *mywebsite.com then it will secure,
https://cloud.mywebite.com
https://mail.mywebsite.com
https://photos.mywebsite.com
https://anything.mywebsite.com
So, you will not have to manage multiple SSL certificates for your main domain and its sub-domain. Wildcard SSL certificate will reduce the hassle of server administrators for multiple SSL management. I suggest you to read this article, which will give you clear understanding of Wildcard SSL Certificate.
Related
I'm using Lets Encrypt Certbot to generate ssl certificate btw if you notice my url already have https, I only generated it manually and that's not secured. Just want to know if my url is acceptable to have a ssl certificate.
You can get an SSL certificate for any website. You just have to verify ownership of your domain and once the certificate has been issued to you upload it to your website host.
We have purchased a valid wildcard SSL certificate from Entrust.
Let's say it is a wildcard certificate that covers *.ourcompany.com
I understand we can use this certificate directly on our web services.
Since, it'll be a lot of servers, we wanted to lock down a little bit the wildcard certificate.
Can we use this wildcard certificate to sign separate set of certificates for subdomains like service1.ourcompany.com, service2.ourcompany.com, etc. ? (without involving Entrust for each of those subdomains/ subservices).
Pros:
If one of those services gets compromised, it'll be limited to that service only ;
We don't have to reach out to Entrust for each of the subdomains (as there could be a lot of them) - also in terms of cost ..
In other words, I'm thinking if it's possible to treat a wildcard ssl cert as an "authority" to validate ssl certs in subdomains. (be part of SSL Certificate Chain)
Thank you.
I am working on a client's site - we'll call it checkers.com - that I previously bought an SSL certificate for. They bought a european domain - checkers.eu - that that uses an A-record redirect to point to checkers.com, but setting up an SSL certificate for that domain fails because it's technically on the same IP address as the checkers.com site, and that's not allowed. How would I go about setting up an SSL certificate on checkers.eu when that domain just redirects to a domain that already has an SSL certificate?
As per your question, it seems like you are using a SSL Certificate which offering only Single Server License policy. As per SSL under this policy, you can only install SSL certificate on one domain, one IP address and one physical server. If you try to install it on same IP address it will never allow you.
You either need to purchase another server license from the Certificate Authority, or else get the SSL Certificate from Certificate Authorities which offers multiple server license such as (Comodo, Thawte, GeoTrust & RapidSSL).
So i want to setup a payment server with hibiscus (https://www.willuhn.de/products/hibiscus-server/)
and make the connection encrypted with a trusted certificate.
Hibiscus is basically a java servlet which creates a own self
signed ssl certificate, which acording to the author can not be
replaced with another ssl certificate because the private key is
used to encrypt other things.
So my idea is: Setup nginx with a proxy from port 443 to hibiscuses port
8080, tell nginx to trust the certificate of hibiscus and encrypt
nginx's 443 with a letsencrypt cert.
nginx would need to unpack the secure content form hibiscus and then
repack it as its own content right?
Does anyone now if this is possible and how?
All help is much appreciated
It's not secure. Self signed certificate is not trusted by all of the browsers since the certificate is not signed by any trusted CA, which means, user may suffer from a man-in-the-middle attack. Consider what will happen if I also make a payment server and publish my self signed certificate? User agent can not distinguish which one is real at all.
Can I use the SSL certificate that I bought on GoDaddy on another domain, within the same hosting?
I have for example:
http://domain1.com
http://anotherdomain.com
And have both of this domains above share the SSL I have from GoDaddy which would be located on the same host?
The X.509 certificate is issued for SSL server authentication usually for just one domain (www.example.com + example.com). It won't authenticate "anotherdomain.com".
Unless you purchased an X.509 certificate specifically for those two domains combined, you can't use your certificate for domain1.com with anotherdomain.com. You need to purchase another certificate for anotherdomaincom. And then the technical problem appears - to properly present the certificate to the client in HTTPS in most cases the server must have dedicated IP - one domain name per IP address.