Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.
Solved
Can I have one SSL certificate for 3 domains, IIs on a windows 2003 server?
Posted on 2009-04-03
If I own 3 domains, (let's say they are primary.com, primary.net and primary.org) but will only use the one - primary.com but I want to route any traffic from the other two to primary.com. Will I need 3 ssl certificates or can I apply 1 ssl certificate to primary.com and alias the other two domains primary.net and primary.org to point and/or redirect to primary.com? Will users get an ssl error if I assign dns alias (cname) record to primary.com?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
2-
2
- +1
7 Comments
I think you can accomplish this using a " Multi - Domain SSL Certificate".
http://help.godaddy.com/article/3908
http://help.godaddy.com/article/3908
Hello,
From my knowledge you will need to get a SAN cert Or UC cert. You would generate a SSL request on your primary server and make it exportable. That way you have one cert with all three domains.
Brian.
From my knowledge you will need to get a SAN cert Or UC cert. You would generate a SSL request on your primary server and make it exportable. That way you have one cert with all three domains.
Brian.
Do I really need certs for the .net and .org if they don't really exist? Is it as simple as a dns alias record?
Hey,
It depends on the configuration and exactly how the domains will be "redirected".
The browser compares the address in the address bar with that on the SSL certificate. In other words, if you use a DNS alias to have domain.net resolve to domain.com, your SSL certificate will be marked as invalid. The browser has no part to play in DNS resolution and will have no idea the certificate should be accepted; it will trigger a warning because domain.net is not listed on the certificate.
However, if you used an HTTP redirect from http://domain.net to https://domain.com, this would work; the browser is being told to initiate a new connection direct to domain.com and as such, the address in the address bar will change. Note that for redirecting from the secure (https://domain.net) will not work as the certificate will be rejected.
If you are using a DNS alias or redirecting from https://domain.net to https://domain.com, you need a SAN certificate with the names of all the possible domains listed. This will be trusted by the browser and you will not receive any warnings on the domain URL side of things.
-Matt
"Do I really need certs for the .net and .org if they don't really exist?"
They do exist as domains and you either own them or you don't. So, if own them and DNS is pointing them to your webhost/server, you will need a redirect, but as previously stated, an initial HTTPS request will need a matching certificate.
The first link I posted will give you the cert you need (UCC).
They do exist as domains and you either own them or you don't. So, if own them and DNS is pointing them to your webhost/server, you will need a redirect, but as previously stated, an initial HTTPS request will need a matching certificate.
The first link I posted will give you the cert you need (UCC).
Featured Post
Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Here are the symptoms:
You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out. When you pull up the services, you notice that the WWW Publishing service isn't runn…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
How to fix incompatible JVM issue while installing Eclipse
While installing Eclipse in windows, got one error like above and unable to proceed with the installation.
This video describes how to successfully install Eclipse.
How to solve incompa…
Suggested Courses
Course of the Month9 days, 14 hours left to enroll
722 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.