Solved

Can I have one SSL certificate for 3 domains, IIs on a windows 2003 server?

Posted on 2009-04-03
7
362 Views
Last Modified: 2012-05-06
If I own 3 domains, (let's say they are primary.com, primary.net and primary.org) but will only use the one - primary.com but I want to route any traffic from the other two to primary.com.  Will I need 3 ssl certificates or can I apply 1 ssl certificate to primary.com and alias the other two domains primary.net and primary.org to point and/or redirect to primary.com?  Will users get an ssl error if I assign dns alias (cname) record to primary.com?
0
Comment
Question by:SheriSchulden-Rusk
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 200 total points
ID: 24065410
I think you can accomplish this using a " Multi - Domain SSL Certificate".

http://help.godaddy.com/article/3908

0
 

Assisted Solution

by:Littlemorris
Littlemorris earned 100 total points
ID: 24065414
Hello,

From my knowledge you will need to get a SAN cert Or UC cert. You would generate a SSL request on your primary server and make it exportable. That way you have one cert with all three domains.

Brian.
0
 

Author Comment

by:SheriSchulden-Rusk
ID: 24065458
Do I really need certs for the .net and .org if they don't really exist?  Is it as simple as a dns alias record?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 58

Accepted Solution

by:
tigermatt earned 200 total points
ID: 24067016

Hey,

It depends on the configuration and exactly how the domains will be "redirected".

The browser compares the address in the address bar with that on the SSL certificate. In other words, if you use a DNS alias to have domain.net resolve to domain.com, your SSL certificate will be marked as invalid. The browser has no part to play in DNS resolution and will have no idea the certificate should be accepted; it will trigger a warning because domain.net is not listed on the certificate.

However, if you used an HTTP redirect from http://domain.net to https://domain.com, this would work; the browser is being told to initiate a new connection direct to domain.com and as such, the address in the address bar will change. Note that for redirecting from the secure (https://domain.net) will not work as the certificate will be rejected.

If you are using a DNS alias or redirecting from https://domain.net to https://domain.com, you need a SAN certificate with the names of all the possible domains listed. This will be trusted by the browser and you will not receive any warnings on the domain URL side of things.

-Matt
0
 

Expert Comment

by:Littlemorris
ID: 24067570
Hey Matt,

Very well put!
0
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 200 total points
ID: 24071620
"Do I really need certs for the .net and .org if they don't really exist?"

They do exist as domains and you either own them or you don't.   So, if own them and DNS is pointing them to your webhost/server, you will need a redirect, but as previously stated, an initial HTTPS request will need a matching certificate.

The first link I posted will give you the cert you need (UCC).

0
 

Author Closing Comment

by:SheriSchulden-Rusk
ID: 31566497
Grade A-Excellent! I think it was covered both in description and with links provided.  The simpler the better for me.  Thank you all!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IIS 7 Log 2 51
IIS redirect  from domain.com to www.domain.com and to root of site 6 47
Registering DLL 5 62
Windows 10 IIS and Windows Authentication to SQL 21 121
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question