I'm not sure if I could word it right. I know that Wildcards SSLs will support any amount of subdomains in a domain. But does it also support subdomains of already existent subdomains?
I'm about to buy a wildcard SSL but I need to have this kind of setup: subsubdomain.subdomain.domain.com
Will I need more certificates or will only one wildcard certificate be enough?
Thanks.
Yes wildcards can support sub domains of already existent sub domains, but there are different criteria to secure your domain and sub domains and multi level sub domains.
First: If you only need to secure your *.subdomain.domain.com
In this case you can secure your all sub domains with single Wildcard SSL. CSR require to be generated on subdomain.domain.com – Wildcard SSL will only work with this condition.
The caveat to choosing wildcard ssl to secure your multi level sub domain is it will not cover your top level domain. If someone tries to access your https://domain.com then they will find domain name mismatch error in web browser.
Second: If you want to secure your entire website.
Including all of the following:
domain.com (top level domain)
*.domain.com (sub domain)
*.*.domain.com (sub sub domain)
You need to secure your whole website with single UCC/SAN Certificate. It will help you to secure all above conditional webpages with the use of Subject Alternative Name (SAN) certificate.
Hope now you understand what to do. Know your business needs perfectly and choose the certificate.
Related
I have a domain(GoDaddy), say example.com and standard SSL certificate to protect it. The combo works fine to setup a secured website hosted in Apache2 at https://www.example.com
Can the same SSL certificate be used for more subdomains like https://api.example.com and https://learn.example.com?
Standard SSL certificate can only secure single domain name for example example.com but it can secure api.example.com, learn.example.com but for that you will have to purchase separate standard SSL certificate for each sub domain.
So in this case Wildcard SSL certificate will remain the best option to secure first level of unlimited sub domains of the main domain name (example.com) like api.example.com, learn.example.com,payment.example.com etc. etc.
If you want to protect multiple sub domains like https://api.example.com and https://learn.example.com, you need a wildcard SSL Certificate which can cover unlimited number of sub domains.
Additionally, if you want to protect both multiple domains or sub domains, you can use multi domain wildcard SSL Certificate.
I have a somedomain.com on CloudFlare with free SSL. And I have subdomains: eg. pl.somedomain.com.
SSL works on:
https://somedomain.com
https://www.somedomain.com
https://en.somedomain.com
https://pl.somedomain.com
but not works on:
https://www.pl.somedomain.com
https://www.fr.somedomain.com
So I am looking for some solution these subdomains work.
http://www.fr.somedomain.com redirects to https://www.fr.somedomain.com
and I have error.
Is any solution using .htaccess or Page Rules to do this?
This is a limitation of SSL in general. No browsers support multi-level wildcard certificates and no trusted CA will issue them (in SSL world www. is also counted as sub-domain). The free universal SSL certificate provided by Cloudflare supports the root and wildcard domain on a shared certificate. For more levels, dedicated certificates or custom host names a different certificate is needed.
If you are looking to secure multiple wildcard domains, but want to keep them all under one certificate, than you should go for the Multi-Domain Wildcard SSL certificates.
Multi-Domain Wildcard Certificates can secure both fully-qualified domain names and wildcard domains within their SAN entries. The coverage for a Multi-Domain wildcard certificate would look like this:
Common Name: domain.com
SAN 1: *.website.org
SAN 2: www.example.net
SAN 3: *.mail.site.com
SAN 4: address.edu
I am not sure if you can apply page rules to 2 level deep domain names, but give the following a try (based on tutorial from CloudFlare):
Redirect from pattern:
https://www.*.somedomain.com/*
to:
https://$1.somedomain.com/$2
On the CloudFlare website, they mentioned redirecting by using the redirect option in their control panel.
1. Go to Control panel and select page rules.
2. On page rule section add new URL and make sure to select forwarding option enabled.
3. Enter the destination URL and select the forwarding type.
For example,
Example forwarding to Google+:
Imagine you have a Google+ profile and you want to make it easy for anyone coming to get to simply by going to a URL like:
*www.example.com/+
*example.com/+
Give that a try, and if you are still getting this issue afterward, I advise checking this list of other SSL providers that is free.
We have a multi tenant application which works based on domain wildcard registration, now we would wanted to add SSL certificate to our application,
So I need to correct approach on how it should be used,
I know about godaddy Wildcard SSL with which you can define un-limited no of subdomain and apply this certificate, but in our case the subdomain are not physically specified we are identifying it with wildcard only, all subdomain are pointing to single domain/server only just application who understands and behaves accordingly.
Can someone guide me on this.
A wildcard certificate is signed for CN=*.example.com
That means a HTTPS client/browser will match the invoked DNS name with the wildcard, and as long as it's a level one subdomain, it will match. That is because the * is a special token in the common name (CN).
So foo.example.com and bar.example.com will match. foo.bar.example.com will, however, not.
As far as the certificate is concerned, you don't have to define a list of valid subdomains anywhere.
So your guess is right, simply buy a wildcard certificate from your CA of choice and your done.
I have one website will be accessed by multiple different domains and will have separate SSL certificates for each.
Is it possible?
IF no then Is there any work around to install multiple certificates for single web site?
Instead of having separate SSL certificate for each domain you can go for Multi domain certificate using Subject Alternative Names (SAN). It will be single certificate with multiple domains. Following image shows SAN certificate.
Image Courtesy : DigiCert
SSL Certificate can only be issued to a FQDN (fully qualified domain name).
You better have elaborated your question with examples. By the way, let me guess and try to answer. As you said “You have one website – will be accessed by multiple different domains” - if I'm not wrong your are talking about one website which may be www.domain.com and multiple domains may be sub-domains like, blog.domain.com, photos.domain.com or anything.domain.com. If I have hit bulls eye, you don't need to get different SSL Certificates because all this domain can be secured with single Wildcard SSL Certificate. Wildcard SSL works on asterisk, so it will issued on *.domain.com and anything in place of asterisk will be covered.
But make a note, Wildcard SSL can work only on single level so something like blog.photos.domain.com will not be secured if you have got certificate for *.domain.com
Different Scenario: If you have something like this, domain.com, domain.co.uk, domain.com.eu etc. and it can be secured with different certificates. It may be costly deal if you have 20-30 or more domains, ideally you can get one multi-domain certificate to secure all these. Visit this article which will help you understand difference between Wildcard SSL and SAN functionality more deeply.
If I were to get a single certificate and not a wildcard,
I know it wouldn't work for say, sub.example.com, but would it work for example.com/sub?
Because the wildcards are quite spendy, and I would like to find out my options. Because example.com/sub wouldn't be a sub domain would it? it would just be a folder/directory and therefore it should be covered by the SSL certificate since it's on the same domain or am I wrong?
I looked online, and it just mentioned subdomains or other domains, it said nothing about directories or folders
Wildcard certificates are used to secure multiple subdomains (eg. a.mydomain.com, b.mydomain.com etc).
As for folders - your certificate issued for www.mydomain.com will work fine for www.mydomain.com/some/folder/