I have a VPS, and I am planning to run a word press instance on it. I want to host sites for different and entirely separate businesses. However, if possible we do not want to pay for a separate SSL certificate for every site.
Is this possible?
Is multisite the answer to this? Assuming that we would have to by a multi domain SSL that right?
Yes, your assumption is right. You have to get Multi domain (SAN) SSL certificate to protect your multiple domain hosted on differ servers with single certificate. It is too much expensive to get different SSL certs for individual domains, so SAN SSL is an apotheosis option.
Related
My company has a SSL certificate for *.mycompany.com. We use this certificate for many critical services.
Marketing team owns www.mycompany.com website (WordPress) and wants a SSL certificate for it.
Can we issue a specific certificate for www.mycompany.com?
Yes. as far as the certificate is concerned there is no relationship between different servers. You could have five different servers with five different certificates and as long as each one of them is valid there wouldn't be a problem. (it might cause a problem if the certificate changes mid-session)
You should however be aware that www.example.com would also be usable as a certificate for any of your other 'critical' services that operate on www.example.com, you could have a security issue there.
So I have an SSL cert for mainsite.com
and I also have secondsite.com directing to mainsite.com/secondsite
but when I visit the page I keep getting this big ugly error.
screenshot:
https://www.dropbox.com/s/hljtcky2wdptzo7/Screenshot%202015-12-14%2022.02.14.png?dl=0
Is it possible to get all domains under one cert?
thanks.
Wrong screenshot...
But, you should check what certificate you bought. There are different types of certificates:
Certificate for 1 domain (only domainname.com)<
Certificate for 1 domains + 1 subdomain (domainname.com and sub.domainname.com)
Certificate for 1 domain unlimited subdomains (read above but unlimited subdomains)
Certificate for 5 domains (GeoTrust EV Multi Domain)
The last one is the most expensive one and I personally think you do not own this one.
EDIT: Some certificates allow you to use /subfolder/ to be included with your SSL.
I want to use same SSL certificate in multiple servers, which type of SSL certificate should I use? Unified SSL certificate? or Wildcard SSL certificate?
Thanks
Any certificate can be installed on multiple servers but your question requires more information on how you want to be advised.
A wildcard SSL certificate will secure any subdomain that the Wildcard character is on. So if you have a certificate for *.domain.com then you can secure
secure.domain.com
bob.domain.com
charlie.domain.com
and the list can go on, however it won't work for sub.secure.domain.com as the wildcard only does the single level.
A unified certificate, depending on the provider would only give you 3 subdomains.
mail, owa and autodiscover.domain.com
Also a standard certificate you can generally add SAN's too which will allow you to add subdomains under extra costs, but if you are only looking to secure 2 subdomains then a certificate with 1 SAN would be cheaper in most cases than a wildcard.
Give us an example of what you are trying to do and people can probably advise you better.
Securing Multiple Servers With One SSL Certificate
To move your certificate between servers you will need to install the certificate on the same web server that you generated the CSR from. You can then export the SSL certificate and its private key to a PKCS#12 file, or if it is an non-Windows based server you will be able to copy the key and certificate files.
Click HERE for more details:
Wildcard SSL Certificates allow you to secure multiple sub domains on the same domain name, thereby saving you time and money, and of course you do not need to manage multiple SSL Certificates on the same server.
My company's product allows our users to custom brand by picking a personal subdomain. We handle this with a wildcard match in nginx and then let Rails decide what to do. We require SSL everywhere and have a wildcard SSL cert, so this all works beautifully.
Now we'd like to offer custom CNAMEs, with SSL, as an add-on feature. Since we don't really want to provision hundreds of IP addresses, we'll use SNI and accept the caveats. What's the best way to setup nginx with all of these certs? We could either allow users to upload their own cert, or we could buy them for the user. Either way, how do we make nginx see them and serve them without restarts and on a large scale? Can nginx read it's config dynamically from mysql somehow, read the certificate from a script, or pass the certificate responsibility to Rails? Ideas welcome!
I'm pretty new to the https world, so bear with me.
There are 2 web-servers involved:
Webserver1 has been in the organization a few years and is hosting/running multiple websites with https encryption (app1.ourcompany.com, app2.ourcompany.com, etc). It has a valid, signed certificate.
Webserver2 is a new server, for which I am responsible. I am tasked with setting up https and getting the certificate, etc. It has a web app running on it, but it does not have a domain name (only has an IP address)...which as I recently learned, is a requirement for a signed certificate.
What I'd like to know is this -- is it possible to set up a site on Webserver1 that points to the site I'm hosting on Webserver2 (ie SiteOnWebserver2.ourcompany.com) which also utilizes the Webserver1's signed/verified certificate?
Thanks for your time, SO gurus!
--Dan
A regular SSL certificate is valid for only a single domain name (such as app1.ourcompany.com). If this is the type of certificate currently being used then the existing SSL certificates will not work on your new server. If you did try this you would get an error in the browser saying that the site's domain name doesn't match the name in the SSL certificate.
The other option is to use a wildcard SSL certificate. These kinds of certificates are assigned to a certain parent domain (like ourcompany.com) and will work for all subdomains. This kind of certificate would work for app1.ourcompany.com, app2.ourcompany.com, as well as your SiteOnWebserver2.ourcompany.com.