Can I have one SSL certificate for 3 domains, IIS on a Windows 2003 server?

If I own 3 domains (let's say they are primary.com, primary.net and primary.org) but will only use the one - primary.com - but I want to route any traffic from the other two to primary.com. Will I need 3 SSL certificates or can I apply 1 SSL certificate to primary.com and alias the other two domains primary.net and primary.org to point and/or redirect to primary.com? Will users get an SSL error if I assign a DNS alias (CNAME) record to primary.com?
SheriSchulden-Rusk
4 Solutions
 
top_rung Commented:
I think you can accomplish this using a "Multi-Domain SSL Certificate".

http://help.godaddy.com/article/3908

 
Littlemorris Commented:
Hello,

From my knowledge you will need to get a SAN cert or UC cert. You would generate an SSL request on your primary server and make it exportable. That way you have one cert with all three domains.

Brian.
 
SheriSchulden-Rusk (Author) Commented:
Do I really need certs for the .net and .org if they don't really exist?  Is it as simple as a DNS alias record?
 
tigermatt Commented:

Hey,

It depends on the configuration and exactly how the domains will be "redirected".

The browser compares the address in the address bar with that on the SSL certificate. In other words, if you use a DNS alias to have domain.net resolve to domain.com, your SSL certificate will be marked as invalid. The browser has no part to play in DNS resolution and will have no idea the certificate should be accepted; it will trigger a warning because domain.net is not listed on the certificate.

However, if you used an HTTP redirect from http://domain.net to https://domain.com, this would work; the browser is being told to initiate a new connection direct to domain.com and as such, the address in the address bar will change. Note that redirecting from the secure URL (https://domain.net) will not work, as the certificate will be rejected.

If you are using a DNS alias or redirecting from https://domain.net to https://domain.com, you need a SAN certificate with the names of all the possible domains listed. This will be trusted by the browser and you will not receive any warnings on the domain URL side of things.

-Matt
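
The three cases from the answer above, as an added example that is not part of the original thread. It is a simplified model of the browser's check, not a real TLS client: the certificate name lists, the CNAME map and the redirect target are constructed sample data using the question's placeholder domains.

```python
from urllib.parse import urlsplit

# Constructed sample data using the question's placeholder domains.
SINGLE_NAME_CERT = ["primary.com"]
SAN_CERT = ["primary.com", "primary.net", "primary.org"]
CNAME = {"primary.net": "primary.com", "primary.org": "primary.com"}
CANONICAL = "https://primary.com/"  # assumed redirect target


def name_matches(host, pattern):
    """Compare a host with one certificate name; '*' may only be the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def visit(url, cert_names):
    """Return the steps a browser takes as (url, server_contacted, result) tuples."""
    steps = []
    for _ in range(3):  # bound the redirect chain
        parts = urlsplit(url)
        host = parts.hostname
        server = CNAME.get(host, host)  # DNS alias: picks the server, nothing else
        # The certificate is checked against the URL's host, never against `server`.
        if parts.scheme == "https" and not any(name_matches(host, n) for n in cert_names):
            steps.append((url, server, "certificate warning"))
            return steps  # certificate rejected before any HTTP redirect is read
        if url == CANONICAL:
            steps.append((url, server, "ok"))
            return steps
        steps.append((url, server, "redirect"))
        url = CANONICAL
    return steps


if __name__ == "__main__":
    for start in ("http://primary.net/", "https://primary.net/"):
        for label, cert in (("single-name", SINGLE_NAME_CERT), ("SAN", SAN_CERT)):
            print(start, label, visit(start, cert))
```

With the single-name certificate only the plain-HTTP entry point reaches primary.com cleanly; the SAN certificate is what makes `https://primary.net/` work, alias or not.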
 
Littlemorris Commented:
Hey Matt,

Very well put!
 
top_rung Commented:
"Do I really need certs for the .net and .org if they don't really exist?"

They do exist as domains and you either own them or you don't. So, if you own them and DNS is pointing them to your webhost/server, you will need a redirect, but as previously stated, an initial HTTPS request will need a matching certificate.

The first link I posted will give you the cert you need (UCC).

 
SheriSchulden-Rusk (Author) Commented:
Grade A-Excellent! I think it was covered both in description and with links provided.  The simpler the better for me.  Thank you all!