[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Can I have one SSL certificate for 3 domains, IIs on a windows 2003 server?

Posted on 2009-04-03
7
Medium Priority
?
367 Views
Last Modified: 2012-05-06
If I own 3 domains, (let's say they are primary.com, primary.net and primary.org) but will only use the one - primary.com but I want to route any traffic from the other two to primary.com.  Will I need 3 ssl certificates or can I apply 1 ssl certificate to primary.com and alias the other two domains primary.net and primary.org to point and/or redirect to primary.com?  Will users get an ssl error if I assign dns alias (cname) record to primary.com?
0
Comment
Question by:SheriSchulden-Rusk
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 800 total points
ID: 24065410
I think you can accomplish this using a " Multi - Domain SSL Certificate".

http://help.godaddy.com/article/3908

0
 

Assisted Solution

by:Littlemorris
Littlemorris earned 400 total points
ID: 24065414
Hello,

From my knowledge you will need to get a SAN cert Or UC cert. You would generate a SSL request on your primary server and make it exportable. That way you have one cert with all three domains.

Brian.
0
 

Author Comment

by:SheriSchulden-Rusk
ID: 24065458
Do I really need certs for the .net and .org if they don't really exist?  Is it as simple as a dns alias record?
0
2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

 
LVL 58

Accepted Solution

by:
tigermatt earned 800 total points
ID: 24067016

Hey,

It depends on the configuration and exactly how the domains will be "redirected".

The browser compares the address in the address bar with that on the SSL certificate. In other words, if you use a DNS alias to have domain.net resolve to domain.com, your SSL certificate will be marked as invalid. The browser has no part to play in DNS resolution and will have no idea the certificate should be accepted; it will trigger a warning because domain.net is not listed on the certificate.

However, if you used an HTTP redirect from http://domain.net to https://domain.com, this would work; the browser is being told to initiate a new connection direct to domain.com and as such, the address in the address bar will change. Note that for redirecting from the secure (https://domain.net) will not work as the certificate will be rejected.

If you are using a DNS alias or redirecting from https://domain.net to https://domain.com, you need a SAN certificate with the names of all the possible domains listed. This will be trusted by the browser and you will not receive any warnings on the domain URL side of things.

-Matt
0
 

Expert Comment

by:Littlemorris
ID: 24067570
Hey Matt,

Very well put!
0
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 800 total points
ID: 24071620
"Do I really need certs for the .net and .org if they don't really exist?"

They do exist as domains and you either own them or you don't.   So, if own them and DNS is pointing them to your webhost/server, you will need a redirect, but as previously stated, an initial HTTPS request will need a matching certificate.

The first link I posted will give you the cert you need (UCC).

0
 

Author Closing Comment

by:SheriSchulden-Rusk
ID: 31566497
Grade A-Excellent! I think it was covered both in description and with links provided.  The simpler the better for me.  Thank you all!
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Planning to migrate your EDB file(s) to a new or an existing Outlook PST file? This video will guide you how to convert EDB file(s) to PST. Besides this, it also describes, how one can easily search any item(s) from multiple folders or mailboxes…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question