mattolan asked:

Can I have multiple domains with a single ssl cert on one IP?

Is it possible to have multiple unique domains that each go to a separate web site on the same web server, all using one IP address but a shared SSL certificate?
Instead of a unique IP and SSL cert for each site/domain on the server.

ex
www.1.com -->> xxx.xxx.xxx.1 -->> ssl 1 -->> site 1
www.2.com -->> xxx.xxx.xxx.1 -->> ssl 1 -->> site 2
www.3.com -->> xxx.xxx.xxx.1 -->> ssl 1 -->> site 3
www.4.com -->> xxx.xxx.xxx.1 -->> ssl 1 -->> site 4

instead of

www.1.com -->> xxx.xxx.xxx.1 -->> ssl 1 -->> site 1
www.2.com -->> xxx.xxx.xxx.2 -->> ssl 2 -->> site 2
www.3.com -->> xxx.xxx.xxx.3 -->> ssl 3 -->> site 3
www.4.com -->> xxx.xxx.xxx.4 -->> ssl 4 -->> site 4
Tags: Networking, SSL / HTTPS, Microsoft Legacy OS

Last comment: mattolan, 8/22/2022 - Mon

LingerLonger

No, certificates are specific to the site name (URL) they are going to serve.
ASKER CERTIFIED SOLUTION
Paranormastic

Log in or sign up to see answer
ASKER
mattolan

Paranormastic, we currently use a standard cert on a one-to-one basis with a separate IP for each site. However, we are wanting to set up a Windows load-balanced web farm, and to do this all sites need to be on the same IP address, and I don't want the confusion of multiple ports, especially as these are external sites used by our customers.
Paranormastic

The options are there - what works best is your decision.  

Single certs with one IP each is the easiest to keep track of - in a shared hosting environment this is typical so each customer pays for their own resources.

Sharing ports - if it works for you is fine, still need a different cert for each site, and as mentioned not all products support more than one cert on a single IP even when using different ports.

UC certs are the most versatile, allowing for one cert for all sites, but it can be difficult to update if site names need to be added to the list frequently.

If you had the customer1.domain.com, customer2.domain.com naming model you could use a wildcard (*.domain.com) but the TLD needs to be the same for those.  

UC certs are the only way to get multiple TLDs into the same certificate.  You can then export that certificate with its private key and import it into all the other relevant sites.  You could use a couple extra IPs for newer customers until the next cert renewal comes up, too.  If you have a number of servers doing this (say 10 or more) you might try contacting a salesperson from a number of the different vendors.  The cheaper ones are cheap, but might not work with you as well professionally as others do - we use Comodo here for 99% of our public certs (should be 100% after this year) because our sales guy is very responsive to our specific business needs.  Granted we purchase hundreds of certs per year here, but you see what I'm saying.  In the cert world, if you buy more than 25 certs annually you are a 'good customer' :), and UC certs are more spendy off the bat so probably 5-10/year would catch someone's attention.  Maybe they can work out a discount for mid-year reissuances or something.
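
The coverage rules described above for wildcard and UC certificates, as an added example that is not part of the original post: a small Python matcher that reports which site names a certificate's name list covers and whether one wildcard could serve every site. The host names and name lists are constructed, and the function names are hypothetical.

```python
# Added example: which site names a wildcard or UC (SAN) certificate covers.
# All host names and SAN lists below are constructed for illustration.

def san_matches(hostname, san):
    """Match one host name against one SAN dNSName entry.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.domain.com does not cover domain.com or
    a.b.domain.com.
    """
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def uncovered(sites, san_entries):
    """Return the site names that no entry on the certificate covers."""
    return [s for s in sites if not any(san_matches(s, e) for e in san_entries)]


def wildcard_for(sites):
    """Return the single wildcard name covering every site, or None.

    None means the sites sit under different parent domains (or at
    different depths), so a UC certificate listing each name is needed.
    """
    if any("." not in s for s in sites):
        return None
    parents = {s.lower().rstrip(".").split(".", 1)[1] for s in sites}
    if len(parents) != 1:
        return None
    candidate = "*." + parents.pop()
    return candidate if not uncovered(sites, [candidate]) else None


if __name__ == "__main__":
    question_sites = ["www.1.com", "www.2.com", "www.3.com", "www.4.com"]
    subdomain_sites = ["customer1.domain.com", "customer2.domain.com"]
    print(wildcard_for(subdomain_sites))
    print(wildcard_for(question_sites))
    print(uncovered(question_sites, question_sites))
    print(uncovered(["domain.com", "a.b.domain.com"], ["*.domain.com"]))
```
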
ASKER
mattolan

We don't host other people's sites, just our own, so the names haven't changed in 3 years. Having the wildcard option for subdomains would be good to have.
Do you have any experience with GoDaddy's SSL cert? We are looking at switching to them. We currently use VeriSign but their prices are crazy expensive.
Paranormastic

Usually when people are talking about hosting a larger number of different TLDs they are running a hosting company - not always the case (obviously, in your case) but typical.  In those environments UC certs can be a blessing and a curse all at the same time due to the reissuance to have new customers make them reissue these relatively expensive certs.

For awhile I was hesitant about GoDaddy because they recently had their root added to MS, but since it's in XP SP3 that should be largely remedied by now.  Vista will auto update, but would have it in its SP1 as well.  They're very inexpensive and generally most people haven't had much for negative reports from all I've read.  They don't insure their certs for as much, they have a more limited product selection than some of the big names, but for a standard SSL cert or EV cert they're just fine.  The insurance on an SSL cert is a bit of a trick, in my opinion, as SSL certs are issued for a validity period way (at least over a decade) shorter than the time to hack one.

Verisign is agreeably entirely too spendy - they are 'the big name' that's included in everything, but they really need to get over themselves!  They also have the most PKI related products out there.  Use them when you have to, but they are just too expensive for most of us.

GoDaddy UC certs I believe offer up to 25 entries per certificate.  If you need more than that I recommend Comodo; they offer up to 100.  If you need more than that... umm...  use a 2nd IP and cert :)

An alternative, although probably not a valid one, could also be to create a universal "secure site" (e.g. secure.companyx-secure.com) and for all SSL traffic push that through that.  Just a thought, in case - but I'm guessing you probably already discounted that idea...
ASKER
mattolan

Thank you for your help; your answers were very informative.
ASKER
mattolan

Paranormastic,

Can you explain to me how to set up multiple sites that are SSL-secured on an IIS 7 web server, using the same IP address and port number for all of the sites?

I opened a new question in regards to this:
https://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_24117553.html