Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can I have one SSL certificate for 3 domains, IIs on a windows 2003 server?

Posted on 2009-04-03
7
Medium Priority
?
365 Views
Last Modified: 2012-05-06
If I own 3 domains, (let's say they are primary.com, primary.net and primary.org) but will only use the one - primary.com but I want to route any traffic from the other two to primary.com.  Will I need 3 ssl certificates or can I apply 1 ssl certificate to primary.com and alias the other two domains primary.net and primary.org to point and/or redirect to primary.com?  Will users get an ssl error if I assign dns alias (cname) record to primary.com?
0
Comment
Question by:SheriSchulden-Rusk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 800 total points
ID: 24065410
I think you can accomplish this using a " Multi - Domain SSL Certificate".

http://help.godaddy.com/article/3908

0
 

Assisted Solution

by:Littlemorris
Littlemorris earned 400 total points
ID: 24065414
Hello,

From my knowledge you will need to get a SAN cert Or UC cert. You would generate a SSL request on your primary server and make it exportable. That way you have one cert with all three domains.

Brian.
0
 

Author Comment

by:SheriSchulden-Rusk
ID: 24065458
Do I really need certs for the .net and .org if they don't really exist?  Is it as simple as a dns alias record?
0
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

 
LVL 58

Accepted Solution

by:
tigermatt earned 800 total points
ID: 24067016

Hey,

It depends on the configuration and exactly how the domains will be "redirected".

The browser compares the address in the address bar with that on the SSL certificate. In other words, if you use a DNS alias to have domain.net resolve to domain.com, your SSL certificate will be marked as invalid. The browser has no part to play in DNS resolution and will have no idea the certificate should be accepted; it will trigger a warning because domain.net is not listed on the certificate.

However, if you used an HTTP redirect from http://domain.net to https://domain.com, this would work; the browser is being told to initiate a new connection direct to domain.com and as such, the address in the address bar will change. Note that for redirecting from the secure (https://domain.net) will not work as the certificate will be rejected.

If you are using a DNS alias or redirecting from https://domain.net to https://domain.com, you need a SAN certificate with the names of all the possible domains listed. This will be trusted by the browser and you will not receive any warnings on the domain URL side of things.

-Matt
0
 

Expert Comment

by:Littlemorris
ID: 24067570
Hey Matt,

Very well put!
0
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 800 total points
ID: 24071620
"Do I really need certs for the .net and .org if they don't really exist?"

They do exist as domains and you either own them or you don't.   So, if own them and DNS is pointing them to your webhost/server, you will need a redirect, but as previously stated, an initial HTTPS request will need a matching certificate.

The first link I posted will give you the cert you need (UCC).

0
 

Author Closing Comment

by:SheriSchulden-Rusk
ID: 31566497
Grade A-Excellent! I think it was covered both in description and with links provided.  The simpler the better for me.  Thank you all!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here are the symptoms: You start receiving calls from users that one of your legacy web apps isn't coming up, so you log into your IIS 5 server to check it out.  When you pull up the services, you notice that the WWW Publishing service isn't runn…
Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question