For a single domain, can I have two different ssl certs from two different CAs, each cert has its own expiration date, and use them on different servers? Does the earlier cert automatically expire?
Thanks
Yes, this would be fine. As far as the client is concerned, changing certificates and IP addresses for domains is acceptable provided both certs have valid chains to trusted CAs.
Related
We have purchased a valid wildcard SSL certificate from Entrust.
Let's say it is a wildcard certificate that covers *.ourcompany.com
I understand we can use this certificate directly on our web services.
Since it'll be a lot of servers, we wanted to lock down the wildcard certificate a little bit.
Can we use this wildcard certificate to sign a separate set of certificates for subdomains like service1.ourcompany.com, service2.ourcompany.com, etc. (without involving Entrust for each of those subdomains/subservices)?
Pros:
If one of those services gets compromised, it'll be limited to that service only;
We don't have to reach out to Entrust for each of the subdomains (as there could be a lot of them), also in terms of cost.
In other words, I'm wondering whether it's possible to treat a wildcard SSL cert as an "authority" to validate SSL certs in subdomains (to be part of the SSL certificate chain).
Thank you.
I have a wildcard self-signed certificate for two domains
*.abc.com
*.xyz.com
I'm accessing the servers https://one.abc.com and https://two.xyz.com via a third service https://three.abc.com and using the same self-signed certificate.
I want to ignore the ssl warnings only once.
Note: I've broken down the issue.
Exceptions in the browser will be added only for the currently requested domain. If you want the self-signed certificate to be trusted for all domains contained in the certificate you have to explicitly add it to the trust store instead of only overriding the browser warnings.
To begin, let's say I have this configuration:
mywebsite.com is related on machine 0.0.0.1 (with ssl certificate)
cloud.mywebsite.com is related on machine 0.0.0.2 (without ssl certificate)
Can I ask for a new SSL certificate for "cloud.mywebsite.com", or will this create issues because of domain/subdomain?
Thanks for the response.
Instead of asking for a new SSL certificate, you only need to get a wildcard SSL certificate that will secure your main domain as well as all its sub-domains. For example:
If you get a wildcard SSL certificate for *.mywebsite.com, then it will secure:
https://cloud.mywebsite.com
https://mail.mywebsite.com
https://photos.mywebsite.com
https://anything.mywebsite.com
So, you will not have to manage multiple SSL certificates for your main domain and its sub-domains. A wildcard SSL certificate will reduce the hassle of server administrators for multiple SSL management. I suggest you read this article, which will give you a clear understanding of wildcard SSL certificates.
My question is really simple:
I have one server that owns multiple domains inside. Recently I bought an SSL certificate for one of them.
Is there any possibility to reuse that one certificate?
In other words, is SSL certificate related to the domain, or the hosting machine?
Each certificate can be used by just one domain; however, you can use it for all your subdomains.
https://ssl.comodo.com/wildcard-ssl-certificates.php
If you purchased a wildcarded certificate that is valid for *.yourdomain.com, you can reuse it for other subdomains.
Can I use the SSL certificate that I bought on GoDaddy on another domain, within the same hosting?
I have for example:
http://domain1.com
http://anotherdomain.com
And have both of these domains above share the SSL I have from GoDaddy, which would be located on the same host?
The X.509 certificate is issued for SSL server authentication usually for just one domain (www.example.com + example.com). It won't authenticate "anotherdomain.com".
Unless you purchased an X.509 certificate specifically for those two domains combined, you can't use your certificate for domain1.com with anotherdomain.com. You need to purchase another certificate for anotherdomain.com. And then the technical problem appears: to properly present the certificate to the client in HTTPS, in most cases the server must have a dedicated IP, one domain name per IP address.
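Whether a certificate can be reused for another hostname comes down to matching that hostname against the DNS names listed in the certificate. The sketch below is an added example, not code from any of the posts above: a simplified version of the wildcard matching rules that TLS clients apply, run against the thread's example domains. The function names are hypothetical, and the "at least two labels after the wildcard" check is a simplification of what real clients do.

```python
# Added example: simplified RFC 6125-style matching of a hostname against
# the DNS names (subjectAltName entries) in a certificate.
# All certificate name lists below are constructed samples.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Return True if one certificate DNS name covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "*" in hostname or "" in p or "" in h or len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard is accepted only as the whole left-most label and only
        # with at least two labels after it (simplification: rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    # No partial or inner wildcards; otherwise require an exact match.
    return "*" not in pattern and p == h

def cert_covers(dns_names, hostname):
    """dns_names: the DNS entries of the certificate's subjectAltName."""
    return any(name_matches(n, hostname) for n in dns_names)

def coverage_report(dns_names, hostnames):
    return {h: cert_covers(dns_names, h) for h in hostnames}

if __name__ == "__main__":
    wildcard_only = ["*.mywebsite.com"]                       # constructed
    wildcard_plus_apex = ["*.mywebsite.com", "mywebsite.com"]  # constructed
    single_site = ["domain1.com", "www.domain1.com"]          # constructed

    hosts = ["cloud.mywebsite.com", "mail.mywebsite.com",
             "a.cloud.mywebsite.com", "mywebsite.com"]
    # The bare domain is covered only when it is listed as its own name.
    print(coverage_report(wildcard_only, hosts))
    print(coverage_report(wildcard_plus_apex, hosts))
    # A certificate for domain1.com does not cover an unrelated domain.
    print(coverage_report(single_site, ["domain1.com", "anotherdomain.com"]))
```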