I have some questions about Multi Domain SSL Certifications that I'm struggling to find answers to on the Net.
What options are there for a large number of Domains (say 500) to run under one SSL Cert?
Does anyone know any that cater for a large number like 500 Domains?
If not, what are the larger Multi Domain SSL Certs available? 200?
Can domain names be switched on the fly (e.g. add one or remove one) or must they be set up at the beginning?
If you want to put multiple domains into a single certificate you have to use subject alternative names (SANs). While there is in theory no limit on how many SANs you can use (OK, there is a size limit on the certificate), in reality CAs set the limit to about 100 (maybe more if you pay more). To reduce the number of SANs you can use multiple wildcard domains (*.example.com). If this still does not help, you can use multiple certificates on the same IP if client and server support SNI (Server Name Indication); all current browsers and most current web servers should support this.
I have the domains below. Is buying a single wildcard certificate beneficial, or do I need to buy separate SSL certificates?
abc.example.com.au
abc.example.com.nz
abc.api.module.example.com
abc.api.global.example.com
Do I need to consider anything when buying the SSL for the above domains? I appreciate your input.
Probably a better question for ServerFault or SuperUser, but since you're here, a wildcard certificate will only work for subdomains and only one level deep, so it would not work for any of the examples you mentioned.
Example: A cert with cn=*.example.com would work with a.example.com or b.example.com, but not 1.a.example.com. See https://en.wikipedia.org/wiki/Wildcard_certificate for more details.
Also, using a wildcard does make it simpler to manage your certificates, renewals, applying updated certs and whatnot, because the generation process only has to be done once and the same files and configs can be copied to all servers. Consider, though, that if there is some kind of security issue with the wildcard cert, then it would affect all servers that use that cert. So a breach on one server would affect all servers, and a problem with one would require an update to all servers that use it.
For these reasons, I generally use wildcard certs for non-production systems, and individual certs for production systems.
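The one-level rule from the answer above, applied to the four hostnames in the question, as an added example that is not part of the original posts. The function names are hypothetical, and matching follows the RFC 6125 convention that `*` stands for exactly one left-most label.

```python
# Added example: hostnames come from the question; helper names are hypothetical.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate name against a hostname.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label: never several, never none.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # '*' never spans a dot, so label counts must agree
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_entries_for(hostnames):
    """Return one '*.<parent>' SAN entry per distinct parent domain."""
    entries = []
    for host in hostnames:
        parent = host.lower().rstrip(".").partition(".")[2]
        if not parent:
            raise ValueError(f"{host!r} has no parent domain")
        entry = "*." + parent
        if entry not in entries:
            entries.append(entry)
    return entries


def uncovered(san_list, hostnames):
    """Hostnames that no entry in san_list matches."""
    return [h for h in hostnames
            if not any(wildcard_matches(s, h) for s in san_list)]


QUESTION_HOSTS = [
    "abc.example.com.au",
    "abc.example.com.nz",
    "abc.api.module.example.com",
    "abc.api.global.example.com",
]

if __name__ == "__main__":
    # A single *.example.com certificate covers none of the four names.
    print("not covered by *.example.com:", uncovered(["*.example.com"], QUESTION_HOSTS))
    # Each name has a different parent, so four wildcard SANs are needed.
    print("wildcard SANs needed:", san_entries_for(QUESTION_HOSTS))
```

Because each of the four names sits under a different parent domain, wildcard entries save nothing here over listing the four exact names as SANs.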
A single Wildcard SSL Certificate will not work for all your sub-domains.
You now have 3 options:
Get two different wildcard domains
Get a Multi Domain SSL (it will allow you to add sub-domains as well)
Get a Multi Domain Wildcard SSL Certificate (combination of 100 multiple domains and unlimited number of level-1 sub-domains).
We currently have a single development environment with Cloud66. We are hoping to expand to staging and production environments which will be secured with SSL.
Is it possible to use the same wildcard certificate to secure all three environments (obviously with different names for each)?
I've added the detail below as I don't think my original question was clear enough.
Specifically what I want to know is if Cloud66 will allow a single wildcard certificate to be used to secure domains across a number of stacks or if a single certificate can only be used on a single stack.
Yes. When you order a wildcard SSL certificate you can use it to secure multiple sites assuming they each use the same base domain of the wildcard certificate.
Yes, you can. A Wildcard SSL certificate is used to secure multiple domain names, but your main domain name will be the same.
Using wildcard you can secure
www.yourdomain.com
blog.yourdomain.com
login.yourdomain.com
secure.yourdomain.com
etc.yourdomain.com.
I'm wanting to cover a few domains with an SSL Certificate.
e.g.
portal.domain.com
app.domain.com
app1.domain.com
app2.domain.com
I'm a bit confused as to whether I can go for the cheaper Unified Communications Certificate, or whether I need to fork out for a wildcard certificate.
Is the only difference that the wildcard can have an unlimited number of subdomains, where the UCC only covers a set number under the SANs?
Thanks in advance
Yes, you are right: a Unified Communications Certificate covers a set of SANs, but it can secure multiple domains and hosts configured in your Exchange server, where a traditional wildcard SSL cannot. E.g., a wildcard SSL can secure the first level of sub-domains like *.example dot com, whereas a Unified Communications Certificate secures www.example dot com, www.example dot net, etc.
Yes. Keep in mind that some old X.509 implementations might not support SAN, but that's pretty rare today (some Symbian OS phones for example, see http://www.digicert.com/subject-alternative-name-compatibility.htm).
Generally, a domain name or URL requires just one certificate to be secure. But what if you need to secure multiple domains? How can you manage their security without sacrificing budget and time?
Securing Multiple Domains
Securing multiple domains can be achieved with 2 approaches, Wildcard certificates and Unified Communications Certificates (UCC), also known as SAN (Subject Alternative Name). SAN lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate, while a Wildcard certificate can support a single domain and an unlimited number of first-level subdomains. SAN/UCC can also be combined as an extension with a Wildcard to add functionality to the certificate. You can combine these two certificates as a Multi-domain Wildcard SSL Certificate depending on your needs. This makes managing the security of multiple websites much easier and cheaper than managing a separate SSL certificate for every domain you own.
Read More: Wildcard Vs SAN/UCC Certificates
It's only cheaper up until a certain number of domains, because UC and SAN certs charge by each domain name. You'll notice the price changes as you enter and subtract domains from this UCC link
If you know that you will have more than, say, 5 subdomains, save some cash with the wildcard because it's a set price regardless of the number of subdomains.
UCC and SAN are only recommended for Exchange Server. Your requirement seems like you need SSL with the common name *.domain.com so that a single SSL works for all sub-domains.
Know what exactly UCC and SAN are.
A UCC / SAN cert is recommended only if you need to secure different TLDs like urdomain.com urdomain.co.uk urmydomain.net. This kind of cert costs too much, as it starts from $200.
Answering your question, I checked a few brands of wildcard SSL: RapidSSL wildcard, Comodo PositiveSSL wildcard, GlobalSign AlphaSSL wildcard, GeoTrust wildcard SSL. I tested websites with these brands' SSL installed on my iPhone and Samsung Android phone. All work perfectly.
I reviewed many ssl providers for UC certificates pricing. Apart from the pricing, I found some ssl providers sell same product with different names, like multi-domains ssl, san certificate and uc certificates.
Microsoft Exchange Server requires a typical UC certificate, strongly recommended by Microsoft. I decided to purchase a UC certificate but it costs too much, starting from $300 to $600 with various providers like Comodo, GlobalSign, DigiCert etc. First I purchased a single domain SSL and failed in the Exchange Server installation. I thought I could save $$$ with a single domain SSL.
Later I searched for UC certificate prices of $50 to $100 and found that the ssl2buy SSL company provides Comodo UC certificates for $60 only, and it includes 4 domains.
https://www.ssl2buy.com/comodo-multi-domain-ssl.php
I purchased this uc certificate and installed on my exchange server. It works fine! No error - No installation issue, nothing.
I've got a webserver that has a single domain SSL certificate: https://secure.example.com
I also have a couple of subdomains that point to different servers:
http://www.example.com, which points to the main server.
http://subdomain.example.com which points to a completely different server.
What is the best way to add SSL to the subdomain https://subdomain.example.com
Is it possible to configure something like this with a wildcard certificate? Or is it better to purchase another single-domain certificate and install it on the separate server?
You can get a wildcard cert but that is probably more expensive than you need and you'd need to copy your private key to each server -- which really is not recommended unless you are a crypto expert. You are better off simply purchasing two more certs for the two additional machines.
Wild card certificates only cover domains on the same server. I believe it's because the key used in the certificate is tied back to the server.
If you want to add a certificate for sites on other servers you will need specific certificates for those server/domain combinations.
I'm investigating a little problem for my employer. My company runs a website under an SSL certificate for the domain www.domainone.net.nz (Yes, New Zealand).
However, there's been a high-level marketing decision to change our primary domain to www.domaintwo.co.nz.
So, easy, right? Buy a new SSL cert for www.domaintwo.co.nz and get it running on IIS. Easy.
However, we have a few WebServices published that need to be accessed over HTTPS - there's some systems in place out in the wild that are using https://www.domainone.net.nz/
I would like to run BOTH certs at the same time, and give our partners and clients that are using these WebServices a set timeframe (six months, say) to roll over to the new domain, before revoking the www.domainone.net.nz cert.
This is a bit fiddly to search for - I keep getting explanations of wildcard SSL domains, which wouldn't help in this particular case, as the central domain name has changed.
Is this possible under IIS? My asp.dll shows version 6.0.3790.4195
It's possible, if you have separate IP addresses for both sites, simply create two sites, one with each SSL certificate and point the directories for both sites to the same place.
But with a single website, no, it's not possible.
You should be able to do this as long as you have two different IPs, one for each of the SSL certs. You may have to set up two sites that point to the same location to get it working properly, but I'm not sure.