Scenario: Suppose www.test.com is a domain that exists and I want to handle requests for widgets.test.com on my webserver. I work with their administrator and adjust their DNS record to point widgets.test.com to an IP address on my webserver.
Question: If I want to handle https requests for that subdomain, do I purchase the SSL cert for widgets.test.com and install on my webserver? Or, does a cert have to be purchased for the top level domain and installed on the primary webserver?
It doesn't have to be purchased for the main domain, you can purchase an SSL cert for a specific subdomain. SSL certs are keyed to the exact domain that you specify, so if you purchase one for "https://*.mysite.com" that's a different cert than for "https://mysite.com".
If you want to get an SSL certificate that would cover both, you might want to look into purchasing something like a Wildcard SSL certificate.
Related
I am pretty new with the domain configuration part. I want to know that can I generate SSL only for my subdomain I didn't want to add the root domain with CLOUDFLARE because my root domain already has SSL certificate. Is it possible to do that? I have purchased my domain from the GODADDY. I will add the generated SSL certificate to IIS.
Please help me out !!
Edit: I don't want to add my root domain to CLOUDFLARE because if I will do it I have to change my NAMESERVER for the same and my root domain already has SSL.
I believe what you're looking for is the CNAME setup on Cloudflare. This is the alternative method of Name Server setup. However, this setup requires a Business plan. With CNAME setup, you can have just a certain subdomains to be used with Cloudflare. With proxy turned on the subdomain, you'd get the usual Universal SSL certification from Cloudflare.
I've a domain name, basecompany.com. My application is deployed on the server and the IP has been mapped with the domain name in GoDaddy domain registrar DNS settings. Also, it is https enabled using Letsencrypt which automatically refreshes my certificate after every 3 months.
Now, I purchase 5 more domains and just want to reroute those 5 domains to basecompany.com. Nothing else. These are just URLs with no application server. So, I used domain-forwarding service.
However these 5 domains are not https secured. How do I apply letsencrypt certificated within my DNS settings itself, or do I have to separately purchase a SSL certificate from them?
PS: I'm skipping my option to add the domain name in my webserver (nginx)
config file and then map the IP to my DNS of new domain names. I dont want this.
I just want to install the certificate and it should start working.
Our site has a lot sub-domains which we all secure with a wildcard SSL certificate. Now we want to add an EV-SSL certificate for our www sub-domain to increase security and trust in our site. The other sub-domains still have to use the wildcard certificate.
The site is configured as a single site on IIS 7 with all sub-domains listed as http(s) bindings.
Is it possible in IIS 7 to use these two certificate types on one domain?
Yes, it is possible to have two different certificates for the same domain name with the help of SNI technology and need to binding your certificates during configuration.
You need to request EV SSL certificate for your example.com which will secure both versions of the domain as www and non-www.
For subdomains security, you can apply for Wildcard SSL certificate for *.example.com
References –
https://www.ssl2buy.com/wiki/server-name-indication-sni-use-multiple-ssl-on-a-single-ip
https://support.comodo.com/index.php?/Knowledgebase/Article/View/639/0/certificate-installation-microsoft-iis-7x
No, it is not possible that you can use two SSL certificate type for same domain name. Because SSL certificate is issued to FQDN (Fully Qualified domain name).
So you can't use two SSL certificate for same domain name.
For example,
If you are using wildcard ssl certificate for blog.xyz.com then you can't take EV SSL certificate for that same domain name.
I have domain www.xyz.com with dedicated IP,SSL for www.xyz.com is already installed and working fine.
now through plesk panel i am able to create 10 sub domains.
I have created one sub domain named subdomain.xyz.com which is pointing to totaly different server.
I want to add SSL certificate for subdomain.xyz.com.
where i have to add SSL certificate, on the the server that sub domain is pointing or i can add SSL for subdomain.xyz.com from xyz.com plesk panel.
the subdomain is pointing to solaris server
You will need to install the SSL certificate on the actual server that is responding to your HTTPS requests (meaning, the one the subdomain points to). However, keep in mind that if you have a regular SSL certificate, then the certificate would have to be issued to the specific subdomain. For example, a regular SSL certificate for example.com does not validate against sub.example.com.
As an alternative, you can purchase a wildcard SSL certificate for your domain that will cover the new subdomain and any others you add later. More info on that here: https://www.digicert.com/wildcard-ssl-certificates.htm
I have an application written in Symfony2 which basically is a website builder. There are many domains pointing to the server IP, the php app inspects the request and displays the contents associated to that domain.
Is there a way to install ssl certificates on Apache for every domain, every domain should have its own certificate, whithout having any Virtuahost?
Apache is configured to answer to every request on port 80 and 443
Apache permits only 1 certificate per configured host.
So to achieve your goals, you will either need to use a multidomain certificate and include all domain in that certificate. By default, most vendors limit you to 100 domains per certificate. Note that www.domain.com and domain.com count as 2 different domains for the purpose of multi-domain certificates.
https://wiki.apache.org/httpd/UnderstandingMultiUseSSLCertificates
Otherwise, you will need to configure Vhosts for each domain. Depending on your OS, you may be able to use SNI with Apache so you don't need unique IPs for each domain.
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI