Can I have more than one SSL Cert behind a DSL router? If so, how?

HI. We have a handful of servers behind a ADSL router (2Wire 2701). We are wanting to add SSL Certificates to our FTP and webservers. Does anyone know if I can have more than one SSL behind a DSL router? And if so, how would I set that up? What alternative ports can be used?

Thanks!
dsmjeffAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ParanormasticCryptographic EngineerCommented:
Yes, you can - you just need to install them on the servers and have DNS be able to route to them.  Your DNS can route them all to your gateway, then NAT the internal network so each server has a unique IP so you can route to that.  If these are all hosted on the same box, then you will probably need to get a specialized cert - either a wildcard (*.domain.com) or a SAN (UC, multi-domain, etc.) cert (site1.domain.com, site2.domain.com, site3.domain2.com, etc.) or use PAT (port address translation) so you can use a different cert on each different port if you need to use the same IP for some reason.  If you use a wildcard or a SAN cert then you can still use host headers to point to the correct site, otherwise things get messy.
0
dsmjeffAuthor Commented:
So far, there all on different boxes. So just a standard SSL would work right?
Then set our router up to to all share 443?
0
Dave HoweSoftware and Hardware EngineerCommented:
no. in order for a wildcard to work properly, you would need it to cover all domain names (so *.domain.tld would cover x.domain.tld and y.domain.tld, but not www.otherdomain.tld) and be on a shared server. even then, usually windows won't allow you to define that properly.

best bet is to ask your DSL provider if you can have some more IP addresses and route them though your 2701, then independently static nat those to each box.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dsmjeffAuthor Commented:
We do offer hosting, but as of right now, I do not need other domains secured right now. Just our company FTP/Web/Email that all use the same domain, just on different servers. Is my best bet to get a wildcard deal, or to just get individual ones?

And either way we go, how would we set that up behind the DSL?

Thanks,
Jeff
0
ParanormasticCryptographic EngineerCommented:
Wildcard is probably the best bet if you are only dealing with one domain name.  If you use exchange 2007 then you may need to get a UC cert to handle multiple names to include the hostname, otherwise you can use the wildcard for email as well.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.