SSL, CNAME, and multiple domains


Say I have an SSL Certificate for a super cool site that I offer, like (Not my site, just an example).
Then let's say I had a customer who wanted to have a CNAME to my site on his server, like Would he need a regular SSL certificate on his end, would I need to have a second certificate on my end (And just "install" it on my webserver), or would I need a multi-domain SSL certificate, or he just has to list my site as an alias on his certificate?


Best Answer

In order to utilize a CNAME pointing to the main IP address of your system, you'd need to be utilizing a subject alternative name certificate covering the client's DNS name.

Alternatively, you could use SNI and have multiple certificates on that IP address, but be warned that a significant percentage of client browsers in use today don't support SNI (specifically IE on Windows XP, about 40% of users) - those users would get certificate errors.

The other option is to have multiple IP addresses that your server's listening on, with different certificates - your clients would then use either an A record pointing to the IP that's assigned to them.

(or if you're using CNAMEs so that you control the target of the A record, then you can have them CNAME to something like, which has the A record for the IP assigned to that client.)
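
The options in the answer above can be compared with a small model of certificate selection and hostname checking. This is an added example, not part of the original answer; the hostnames `app.provider.example` and `portal.customer.example`, the certificate stores, and all function names are constructed for illustration.

```python
def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(san_dns_names, host):
    """True if any dNSName in the certificate's SAN matches the host."""
    return any(name_matches(n, host) for n in san_dns_names)


def select_cert(cert_store, default_key, sni_name):
    """Certificate a server presents on one IP address.

    cert_store maps a label to that certificate's SAN list. Without SNI
    (sni_name is None) only the default certificate can be presented.
    """
    if sni_name is not None:
        for sans in cert_store.values():
            if cert_covers(sans, sni_name):
                return sans
    return cert_store[default_key]


def browser_accepts(cert_store, default_key, typed_host, client_sends_sni):
    """The client validates against the name the user typed, not the
    CNAME target that name resolved through."""
    sni = typed_host if client_sends_sni else None
    presented = select_cert(cert_store, default_key, sni)
    return cert_covers(presented, typed_host)


PROVIDER = "app.provider.example"     # constructed: your site
CUSTOMER = "portal.customer.example"  # constructed: CNAMEs to PROVIDER

SINGLE = {"own": [PROVIDER]}                    # one ordinary certificate
SAN = {"own": [PROVIDER, CUSTOMER]}             # one SAN certificate
SNI = {"own": [PROVIDER], "cust": [CUSTOMER]}   # two certs, one IP

if __name__ == "__main__":
    for label, store in (("single", SINGLE), ("SAN", SAN), ("SNI", SNI)):
        for with_sni in (True, False):
            print(label, with_sni, browser_accepts(store, "own", CUSTOMER, with_sni))
```

Only the SAN store passes for the customer's name both with and without SNI; the two-certificate store passes only when the client sends SNI.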
