mattolan asked:

Can I have multiple domains with a single ssl cert on one IP?

Is it possible to have multiple unique domains that each go to a separate web site on the same web server, all using one IP address but a shared SSL certificate?
Instead of a unique IP and SSL cert for each site/domain on the server.

ex
-->> -->> ssl 1 -->> site 1
-->> -->> ssl 1 -->> site 2
-->> -->> ssl 1 -->> site 3
-->> -->> ssl 1 -->> site 4

instead of
-->> -->> ssl 1 -->> site 1
-->> -->> ssl 2 -->> site 2
-->> -->> ssl 3 -->> site 3
-->> -->> ssl 4 -->> site 4

LingerLonger

No, certificates are specific to the site name (URL) they are going to serve.
Paranormastic

This solution is only available to members.

mattolan


Paranormastic, we currently use a standard cert on a one-to-one basis with a separate IP for each site. However, we are wanting to set up a Windows load balanced web farm, and to do this all sites need to be on the same IP address, and I don't want the confusion of multiple ports, especially as these are external sites used by our customers.

The options are there - what works best is your decision.  

Single certs with one IP each is the easiest to keep track of - in a shared hosting environment this is typical so each customer pays for their own resources.

Sharing ports - if it works for you is fine, still need a different cert for each site, and as mentioned not all products support more than one cert on a single IP even when using different ports.

UC certs are the most versatile, allowing for one cert for all sites, but it can be difficult to update if site names need to be added to the list frequently.

If you had the, naming model you could use a wildcard (* but the TLD needs to be the same for those.  

UC certs are the only way to get multiple TLDs into the same certificate.  You can then export that certificate with its private key and import it into all the other relevant sites.  You could use a couple extra IPs for newer customers until the next cert renewal comes up, too.  If you have a number of servers doing this (say 10 or more) you might try contacting a salesperson from a number of the different vendors.  The cheaper ones are cheap, but might not work with you as well professionally as others do - we use Comodo here for 99% of our public certs (should be 100% after this year) because our sales guy is very responsive to our specific business needs.  Granted we purchase hundreds of certs per year here, but you see what I'm saying.  In the cert world, if you buy more than 25 certs annually you are a 'good customer' :), and UC certs are more spendy off the bat so probably 5-10/year would catch someone's attention.  Maybe they can work out a discount for mid-year reissuances or something.
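
The coverage difference between a wildcard cert and a UC (multi-name) cert discussed above, as an added example that is not part of the original thread. All hostnames are constructed placeholders, and the matching rule is the usual browser behaviour: a wildcard stands for exactly one left-most label under a fixed parent domain.

```python
# Added example; hostnames below are constructed, not taken from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.com covers www.example.com but
    not example.com or a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(cert_names, sites):
    """Return {site: matching certificate name or None} for every site."""
    return {
        site: next((n for n in cert_names if name_matches(n, site)), None)
        for site in sites
    }


def uncovered(cert_names, sites):
    """Sites that would produce a name-mismatch warning with this cert."""
    return sorted(s for s, hit in coverage(cert_names, sites).items() if hit is None)


# Constructed inventory: four sites on one IP, spread over two domains.
SITES = ["www.example.com", "shop.example.com", "example.com", "www.example.net"]

# One wildcard name versus a UC cert listing every site explicitly.
WILDCARD_ONLY = ["*.example.com"]
UC_CERT = ["example.com", "www.example.com", "shop.example.com", "www.example.net"]

if __name__ == "__main__":
    print("wildcard cert misses:", uncovered(WILDCARD_ONLY, SITES))
    print("UC cert misses:      ", uncovered(UC_CERT, SITES))
```

Running the same check against the real site list before ordering shows how many UC entries are needed and which names a wildcard would leave uncovered.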

We don't host other people's sites, just our own, so the names haven't changed in 3 years. Having the wildcard option for subdomains would be good to have.
Do you have any experience with GoDaddy's SSL cert? We are looking at switching to them. We currently use Verisign but their prices are crazy expensive.

Usually when people are talking about hosting a larger number of different TLDs they are running a hosting company - not always the case (obviously, in your case) but typical.  In those environments UC certs can be a blessing and a curse all at the same time due to the reissuance to have new customers make them reissue these relatively expensive certs.

For a while I was hesitant about GoDaddy because they recently had their root added to MS, but since it's in XP SP3 that should be largely remedied by now.  Vista will auto update, but would have it in its SP1 as well.  They're very inexpensive and generally most people haven't had much for negative reports from all I've read.  They don't insure their certs for as much, they have a more limited product selection than some of the big names, but for a standard SSL cert or EV cert they're just fine.  The insurance on an SSL cert is a bit of a trick, in my opinion, as SSL certs are issued for a validity period way (at least over a decade) shorter than the time to hack one.

Verisign is agreeably entirely too spendy - they are 'the big name' that's included in everything, but they really need to get over themselves!  They also have the most PKI related products out there.  Use them when you have to, but they are just too expensive for most of us.

GoDaddy UC certs I believe offer up to 25 entries per certificate.  If you need more than that I recommend Comodo; they offer up to 100.  If you need more than that... umm...  use a 2nd IP and cert :)

An alternative, although probably not a valid one, could also be to create a universal "secure site" (e.g. and for all SSL traffic push that through that.  Just a thought, in case - but I'm guessing you probably already discounted that idea...

Thank you for your help; your answers were very informative.

Can you explain to me how to set up multiple sites that are SSL secured on an IIS 7 web server, using the same IP address and port number for all of the sites?

I opened a new question in regards to this.