+ Post New Thread
Results 1 to 8 of 8
Internet Related/Filtering/Firewall Thread, SSL certificates for Sub-Domains (https web services on multiple servers) in Technical; We have subdomains pointing to different servers but we were looking at just buying a single certificate with wildcards. All ...
  1. #1

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    739
    Thank Post
    172
    Thanked 56 Times in 54 Posts
    Rep Power
    35

    SSL certificates for Sub-Domains (https web services on multiple servers)

    We have subdomains pointing to different servers but we were looking at just buying a single certificate with wildcards.

    All servers are going to be on our own site but a few may be outside of our main production network for security i.e in a DMZ.

  2. #2

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,049
    Thank Post
    6
    Thanked 199 Times in 179 Posts
    Rep Power
    52
    A wildcard will be fine then. We use them for our school website.

  3. #3
    Ergo's Avatar
    Join Date
    Sep 2012
    Location
    Nottingham
    Posts
    111
    Thank Post
    16
    Thanked 26 Times in 25 Posts
    Rep Power
    8
    It is possible for any educational establishment to get free certificates which work with most web services - we have recommended and used them with many customers.

    Have a look at certs.ipsca.com if you want a free wildcard certificate select the free educational cert and use *.domainname.tld as the common name.

    Regards,

    David

  4. #4

    Join Date
    Nov 2009
    Location
    Manchester
    Posts
    1,049
    Thank Post
    6
    Thanked 199 Times in 179 Posts
    Rep Power
    52
    Personally I would recommend buying one over ipsca, they see quite slow at making sure all browsers always support them. For example we had an SSL from them that you couldn't use on IE for about 6 months (well ti gave an error) because they missed the deadline to get included in the certificate pack.

  5. #5
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Agreed with a paid one, we need to buy one as well, were having a lot of problems with ipsca wildcard. Don't know what ssl company to go with through!

  6. #6
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,402
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Can I just point out (spanner / works / etc) SSL Certificates are linked to IP addresses, so if you get a Wildcard one, it will then only be able to use a certain IP address, so use on multiple servers will throw up errors, if it lets you install it at all. You basically need a different SSL for each IP address you want protecting, so if you have a number of subdomains on one IP address then a wildcard one will work ok (takes a bit of getting your head around some of the setups, but as you will have top level access, it will be a lot easier than I've had on my own webserver .. lol).

  7. #7
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    929
    Thank Post
    56
    Thanked 162 Times in 114 Posts
    Rep Power
    67
    Quote Originally Posted by soveryapt View Post
    Can I just point out (spanner / works / etc) SSL Certificates are linked to IP addresses, so if you get a Wildcard one, it will then only be able to use a certain IP address, so use on multiple servers will throw up errors, if it lets you install it at all. You basically need a different SSL for each IP address you want protecting, so if you have a number of subdomains on one IP address then a wildcard one will work ok (takes a bit of getting your head around some of the setups, but as you will have top level access, it will be a lot easier than I've had on my own webserver .. lol).
    Not all SSL certificate are linked to an IP address. The Certificate authority we deal with allows wildcard certificate to used on unlimited servers.

  8. #8
    soveryapt's Avatar
    Join Date
    Jan 2009
    Location
    Lancashire
    Posts
    2,402
    Thank Post
    648
    Thanked 277 Times in 244 Posts
    Rep Power
    78
    Quote Originally Posted by penfold_99 View Post
    Not all SSL certificate are linked to an IP address. The Certificate authority we deal with allows wildcard certificate to used on unlimited servers.
    They will be generating a "new" wildcard certificate for each of the servers, or certainly setting up a new authentication. A single SSL certificate bought would only allow one IP address to be used. Yes, you can buy further ones for the same domain, even further wildcard ones, but an SSL is tied to an IP address - or at least this is my understanding and knowledge from the various amounts of Googling I've done on this. .. else SSL would be useless in the protection for spoofed addresses and such ..

    So, for instance, if I grew my hosting business to having multiple dedicated servers (I wish .. but you know, it's an example) then I could have a wildcard certificate for each of those servers of *.mydomain.com but there would be a different one for each of the IP addresses x.x.x.1 x.x.x.2 x.x.x.3 etc. The one for x.x.x.1 wouldn't secure the others, and visa versa.

    I was just wanting to point out don't go out buying a single wildcard SSL and expect that you can cover multiple servers. You can get a wildcard SSL for under 100 these days, less if you're not too bothered re insurances and guarantees etc, but for a multi-server environment it's more like 500+ per year for the cheapest option I've found, often with additional costs per extra server, but some do offer unlimited server ability, and if you want EV enhancements, then it's even more.

    Last edited by soveryapt; 7th September 2012 at 06:23 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Free SSL Certificates for JANET connected schools
    By Dos_Box in forum Wireless Networks
    Replies: 25
    Last Post: 29th April 2013, 03:26 PM
  2. Replies: 2
    Last Post: 25th November 2010, 12:50 PM
  3. SSL Certificates for Exchange 2007
    By jdibsdale in forum Windows
    Replies: 14
    Last Post: 29th May 2009, 06:40 PM
  4. Replies: 1
    Last Post: 18th April 2008, 09:31 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •