Solved

Can I have one SSL certificate for 3 domains, IIs on a windows 2003 server?

Posted on 2009-04-03
7
359 Views
Last Modified: 2012-05-06
If I own 3 domains, (let's say they are primary.com, primary.net and primary.org) but will only use the one - primary.com but I want to route any traffic from the other two to primary.com.  Will I need 3 ssl certificates or can I apply 1 ssl certificate to primary.com and alias the other two domains primary.net and primary.org to point and/or redirect to primary.com?  Will users get an ssl error if I assign dns alias (cname) record to primary.com?
0
Comment
Question by:SheriSchulden-Rusk
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 200 total points
ID: 24065410
I think you can accomplish this using a " Multi - Domain SSL Certificate".

http://help.godaddy.com/article/3908

0
 

Assisted Solution

by:Littlemorris
Littlemorris earned 100 total points
ID: 24065414
Hello,

From my knowledge you will need to get a SAN cert Or UC cert. You would generate a SSL request on your primary server and make it exportable. That way you have one cert with all three domains.

Brian.
0
 

Author Comment

by:SheriSchulden-Rusk
ID: 24065458
Do I really need certs for the .net and .org if they don't really exist?  Is it as simple as a dns alias record?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 58

Accepted Solution

by:
tigermatt earned 200 total points
ID: 24067016

Hey,

It depends on the configuration and exactly how the domains will be "redirected".

The browser compares the address in the address bar with that on the SSL certificate. In other words, if you use a DNS alias to have domain.net resolve to domain.com, your SSL certificate will be marked as invalid. The browser has no part to play in DNS resolution and will have no idea the certificate should be accepted; it will trigger a warning because domain.net is not listed on the certificate.

However, if you used an HTTP redirect from http://domain.net to https://domain.com, this would work; the browser is being told to initiate a new connection direct to domain.com and as such, the address in the address bar will change. Note that for redirecting from the secure (https://domain.net) will not work as the certificate will be rejected.

If you are using a DNS alias or redirecting from https://domain.net to https://domain.com, you need a SAN certificate with the names of all the possible domains listed. This will be trusted by the browser and you will not receive any warnings on the domain URL side of things.

-Matt
0
 

Expert Comment

by:Littlemorris
ID: 24067570
Hey Matt,

Very well put!
0
 
LVL 14

Assisted Solution

by:top_rung
top_rung earned 200 total points
ID: 24071620
"Do I really need certs for the .net and .org if they don't really exist?"

They do exist as domains and you either own them or you don't.   So, if own them and DNS is pointing them to your webhost/server, you will need a redirect, but as previously stated, an initial HTTPS request will need a matching certificate.

The first link I posted will give you the cert you need (UCC).

0
 

Author Closing Comment

by:SheriSchulden-Rusk
ID: 31566497
Grade A-Excellent! I think it was covered both in description and with links provided.  The simpler the better for me.  Thank you all!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question