+ Post New Thread
Results 1 to 8 of 8
Internet Related/Filtering/Firewall Thread, SSL certificates for Sub-Domains (https web services on multiple servers) in Technical; We have subdomains pointing to different servers but we were looking at just buying a single certificate with wildcards. All ...
  1. #1

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    891
    Thank Post
    198
    Thanked 77 Times in 71 Posts
    Rep Power
    52

    SSL certificates for Sub-Domains (https web services on multiple servers)

    We have subdomains pointing to different servers but we were looking at just buying a single certificate with wildcards.

    All servers are going to be on our own site but a few may be outside of our main production network for security i.e in a DMZ.

  2. #2

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,109
    Thank Post
    6
    Thanked 220 Times in 199 Posts
    Rep Power
    56
    A wildcard will be fine then. We use them for our school website.

  3. #3
    Ergo's Avatar
    Join Date
    Sep 2012
    Location
    Nottingham
    Posts
    111
    Thank Post
    16
    Thanked 26 Times in 25 Posts
    Rep Power
    9
    It is possible for any educational establishment to get free certificates which work with most web services - we have recommended and used them with many customers.

    Have a look at certs.ipsca.com if you want a free wildcard certificate select the free educational cert and use *.domainname.tld as the common name.

    Regards,

    David

  4. #4

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,109
    Thank Post
    6
    Thanked 220 Times in 199 Posts
    Rep Power
    56
    Personally I would recommend buying one over ipsca, they see quite slow at making sure all browsers always support them. For example we had an SSL from them that you couldn't use on IE for about 6 months (well ti gave an error) because they missed the deadline to get included in the certificate pack.

  5. #5
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    26
    Agreed with a paid one, we need to buy one as well, were having a lot of problems with ipsca wildcard. Don't know what ssl company to go with through!

  6. #6
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,435
    Thank Post
    672
    Thanked 279 Times in 246 Posts
    Rep Power
    78
    Can I just point out (spanner / works / etc) SSL Certificates are linked to IP addresses, so if you get a Wildcard one, it will then only be able to use a certain IP address, so use on multiple servers will throw up errors, if it lets you install it at all. You basically need a different SSL for each IP address you want protecting, so if you have a number of subdomains on one IP address then a wildcard one will work ok (takes a bit of getting your head around some of the setups, but as you will have top level access, it will be a lot easier than I've had on my own webserver .. lol).

  7. #7
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    994
    Thank Post
    60
    Thanked 166 Times in 118 Posts
    Rep Power
    68
    Quote Originally Posted by soveryapt View Post
    Can I just point out (spanner / works / etc) SSL Certificates are linked to IP addresses, so if you get a Wildcard one, it will then only be able to use a certain IP address, so use on multiple servers will throw up errors, if it lets you install it at all. You basically need a different SSL for each IP address you want protecting, so if you have a number of subdomains on one IP address then a wildcard one will work ok (takes a bit of getting your head around some of the setups, but as you will have top level access, it will be a lot easier than I've had on my own webserver .. lol).
    Not all SSL certificate are linked to an IP address. The Certificate authority we deal with allows wildcard certificate to used on unlimited servers.

  8. #8
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,435
    Thank Post
    672
    Thanked 279 Times in 246 Posts
    Rep Power
    78
    Quote Originally Posted by penfold_99 View Post
    Not all SSL certificate are linked to an IP address. The Certificate authority we deal with allows wildcard certificate to used on unlimited servers.
    They will be generating a "new" wildcard certificate for each of the servers, or certainly setting up a new authentication. A single SSL certificate bought would only allow one IP address to be used. Yes, you can buy further ones for the same domain, even further wildcard ones, but an SSL is tied to an IP address - or at least this is my understanding and knowledge from the various amounts of Googling I've done on this. .. else SSL would be useless in the protection for spoofed addresses and such ..

    So, for instance, if I grew my hosting business to having multiple dedicated servers (I wish .. but you know, it's an example) then I could have a wildcard certificate for each of those servers of *.mydomain.com but there would be a different one for each of the IP addresses x.x.x.1 x.x.x.2 x.x.x.3 etc. The one for x.x.x.1 wouldn't secure the others, and visa versa.

    I was just wanting to point out don't go out buying a single wildcard SSL and expect that you can cover multiple servers. You can get a wildcard SSL for under £100 these days, less if you're not too bothered re insurances and guarantees etc, but for a multi-server environment it's more like £500+ per year for the cheapest option I've found, often with additional costs per extra server, but some do offer unlimited server ability, and if you want EV enhancements, then it's even more.

    Last edited by soveryapt; 7th September 2012 at 07:23 PM.



SHARE:
+ Post New Thread

Similar Threads

  1. Free SSL Certificates for JANET connected schools
    By Dos_Box in forum Wireless Networks
    Replies: 25
    Last Post: 29th April 2013, 04:26 PM
  2. Replies: 2
    Last Post: 25th November 2010, 01:50 PM
  3. SSL Certificates for Exchange 2007
    By jdibsdale in forum Windows
    Replies: 14
    Last Post: 29th May 2009, 07:40 PM
  4. Replies: 1
    Last Post: 18th April 2008, 10:31 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •