SSL certificate(s) for one domain and one subdomain

domainsslsubdomain

I want to add https to my site. I only need domain validation and I want the cheapest possible option.

I have:

Server 1 – example.com (IP 1.1.1.1)
Server 2 – files.example.com (IP
2.2.2.2)

Users access to example.com and files.example.com is only used serve downloads.

I found Sslmate 'Standard SSL' certificates. They say his standard certificate include:

One subdomain
Domain Validation

I asked to them but they told me that this ssl certificate isn't valid for me.

So what I need? Can I use two standard (cheap) ssl certificates (from Ssls, Sslmate or Namecheap) one for server 1 and another for server 2? Or can I use only one of these cheap certificates?

Thank you!

Best Answer

There is no problem in using separate certificates(even from different issuers) for separate (sub)-domains. for consistency you may want to use one issuer, but that isn't strictly required.

In theory you can choose from:

Two separate certificates for each domain.
Multi-domain certificate, which includes both those domains.
Wildcard certificate, which normally covers example.com and *.example.com

All of those options would work, but as you want the cheapest solution option 1 is the best fit.

Side note: And, the cheapest(FREE!) option is to use LetsEncrypt certificates for your (sub)domains. But that comes on the maintenance price - you'll need to replace certificates every two months, so some sort of automation would be really necessary.

Related Solutions

Ssl – Multiple SSL Certificate on Apache

It's pretty simple to have a different cert for a different IP address; just put the SSL cert stuff inside the virtualhosts for each.

Having multiple virtualhosts on a single IP won't really work at this point. There's some technologies that might work for that down the road, but the user population isn't running browsers that can do it. The user agent (browser) establishes an SSL connection and verifies the SSL connection before telling the server what host it's connecting to. You really need a separate IP for each SSL virtualhost.

<VirtualHost 1.1.1.1:443>
        ServerName foo
        DocumentRoot /var/www/foo
        CustomLog /var/log/httpd/foo.ssl_access_log combined
        ErrorLog /var/log/httpd/foo.ssl_error_log

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/pki/tls/certs/foo.crt
        SSLCertificateKeyFile /etc/pki/tls/private/foo.key
</VirtualHost>

<VirtualHost 2.2.2.2:443>
        ServerName bar
        DocumentRoot /var/www/bar
        CustomLog /var/log/httpd/bar.ssl_access_log combined
        ErrorLog /var/log/httpd/bar.ssl_error_log

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /etc/pki/tls/certs/bar.crt
        SSLCertificateKeyFile /etc/pki/tls/private/bar.key
</VirtualHost>

SSL Certificate – How to Create for Multiple Subdomains

Yes, use *.myserver.net as common name.

This is called wildcard certs and there are large number of howtos finding with this keyword.

Here is one of them: https://web.archive.org/web/20140228063914/http://www.justinsamuel.com/2006/03/11/howto-create-a-self-signed-wildcard-ssl-certificate

Update: if you want cert to match root domain as well (myserver.net), then you should use Subject Alternative Name extension. When generating cert using openssh enter '*.myserver.net/CN=myserver.net' as Common Name.

Compatibly is good enough, unless you have an ancient browser.

Best Answer

Related Solutions

Ssl – Multiple SSL Certificate on Apache

SSL Certificate – How to Create for Multiple Subdomains

Related Topic