Is it possible to add CNAME records/A records to point many domains to primary domain or IP Address, and keep them over https (ssl)?
Does a multi-domain SSL Cert allow this?
Thanks.
yes. As long as entered server name matches presented SSL certificate name -- SSL connection will authenticate server normally.
Related
I have Wild Card SSL Certificate and i need to implement it on multiple domains. on first it is being implemented and on second i have to implement. Is it possible that i can implement the same certificate on Two Domains. Domains are hitting the same IP Address, means hosted on same server. But having different Domains first is like: https://erp.example.com and Second is http://app.example.com. Both application are differently hosted on IIS.
Please suggest.
If the certificate is a *.example.com cert, then yes, you can. That is, after all, the whole point of a wild card certificate: to support any domain combination of the base domain.
We do it ourselves.
I'm unsure if that is your actual question though.
If you have enabled your Wildcard SSL certificate for your domain *.example.com then yes you can secure both subdomains erp (.dot) example.com and app (.dot) example.com.
Below resources will help you to install Wildcard SSL certificate on IIS server very easily:
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO19990
https://www.clickssl.net/blog/how-to-install-wildcard-ssl-certificate-in-iis-7
You are questioning about two domains, but actually you have two sub-domains under single domain and if you already have Wildcard SSL certificate, your all sub-domains will be protected. Wildcard SSL issued on *.example.com will automatically secure unlimited number of sub-domains. It does not really matter your sub-domains are hosted on same server or differently, you can secure all with Wildcard Certificate.
What will be secured with single Wildcard SSL;
https://app.example.com
https://erp.example.com
https://anything.example.com
Ps: Wildcard certificate will help you secure sub-domain only first level.
Can I have EV SSL for my main domain (say www.example.com) and Wilcard SSL for my subdomains (say eb1.example.com, eb2.example2 etc)?
If yes, then can you please let me know how to configure it?
If not, then please suggest me alternate methods.
All the subdomains and the domain will be hosted on Amazon and will have one IP.
Yes, you can purchase an EV SSL Certificate for your main domain and wildcard SSL certificate for the sub domain names.
Please ensure that the Main domain has a dedicated IP Address and it is not shared with the sub domains.
You can have use multiple certificates at the same time which overlap in the subjects like in your case. To have multiple certificates for the same IP address the serve and client must support SNI. Most modern server and browsers do. But older browser like IE8 on XP do not and support within non-browser application is mixed.
I have a EC2 instance that act as a web server, it hosts various sites and some of them have ssl certificates, lets say one of them is secure.abc.com and has certificate for https://secure.abc.com
After I added an elastic load balancer, assuming it's public dns 'myelb.amazon.com' and I changed the cname record in my DNS to make 'secure' to point to 'myelb.amazon.com', the certificate becomes invalid.
How do I fix this?
My second question is if I have more than one site that has ssl certificates, will a single load balancer work?
In order to fix this issue, you need multi domain SSl certificate to protect your multiple domains includes your DNS domain name also..!
A single certificate for your domain names is the solution for your issue!
And for second question, answer is yes, if you have website with SSL certificate then your load balancer work for it, even it works for multiple host name or ip address too.
I hope this doc should help you out
Stupid me, there is an option to select "TCP" instead of "HTTP"/"HTTPS" which will make the ELB work at the TCP/IP level
Scenario: Suppose www.test.com is a domain that exists and I want to handle requests for widgets.test.com on my webserver. I work with their administrator and adjust their DNS record to point widgets.test.com to an IP address on my webserver.
Question: If I want to handle https requests for that subdomain, do I purchase the SSL cert for widgets.test.com and install on my webserver? Or, does a cert have to be purchased for the top level domain and installed on the primary webserver?
It doesn't have to be purchased for the main domain, you can purchase an SSL cert for a specific subdomain. SSL certs are keyed to the exact domain that you specify, so if you purchase one for "https://*.mysite.com" that's a different cert than for "https://mysite.com".
If you want to get an SSL certificate that would cover both, you might want to look into purchasing something like a Wildcard SSL certificate.
AFAIK, SSL is assigned to a single domain name (maybe several subdomains via wildcard).
On the other hand i heard that the webserver does not see the domain before it serves the ssl?
If I have multiple domains running as vhosts on one IP address:
Q1: Can the webserver serve the appropriate respective SSL to the sites?
Q2: Is there a way to have only one multi-domain SSL serving two domains on one IP?
Illuminate me out of confusion brought upon me by this seemingly self-contradictory quote:
Regular SSL Certificates are issued for a single FQDN (Fully Qualified
Domain Name). The domain using the certificate has to have its own
unique external IP address from which to be served. In practice, this
means that if you have multiple domains on a single IP address/server,
then you had to install a separate certificate on each domain you
wanted to secure.
The reason for this is the use of 'Host-Headers'. They allow a
web server to use a single IP address to serve many separate sites
with different FQDNs. They do this by identifying the incoming request
for a webpage, and routing it to the correct site accordingly.
When an SSL connection is initiated, the server must send a
certificate to the client - before it knows the host-header of the
request. The only identifying piece of data it has is the requested IP
address. As such, two or more sites on one IP address cannot use
different SSL certificates....
Q1> the web server doesn't need to know the domains embedded in an SSL cert. only the browser does since it's the one making sure the domain in the certificate matches the domain in the address bar. The web server just serves up the cert bound to the ip address, regardless of what domain is in the certificate.
Q2> what you describe is a SAN or UC certificate. They are designed to do what you stated, namely allow multiple domains to share one cert on one ip address. Check out this link on Subject alternative names for more info