Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Wildcard SSL

Posted on 2013-01-20
5
Medium Priority
?
279 Views
Last Modified: 2013-02-04
If I have an old SSL certificate from Verisign set up on serverA as:

mail.domain.com

And I need to put that on serverB, but I also need serverA to now have an SSL at this URL:

https://legacy.domain.com 

Is the easiest way to get a wildcard SSL? If I do that, do you think I'd have to get it through Verisign, or can I go with GoDaddy now? If I go with GoDaddy, do I need to "turn off" the old certs I have through Verisign?

For instance, I will still have an intra.domain.com through Verisign... but now the wildcard will overlap with that. Is that permitted?
0
Comment
Question by:cajx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38798871
GoDaddy sells UCC Certs with multiple names. That may be the solution to your situation.
0
 
LVL 54

Accepted Solution

by:
Scott Fell,  EE MVE earned 1000 total points
ID: 38798886
There is no turning on or off of your certificates.  They simply get renewed each year unless you purchased multiple years.    You can revoke them. But if you have a paid cert now, can you just use that? If it is on a different server with the same domain, I think you just need to re key it.  

As for multiple servers, you need to check with the issuer.  Some will allow it.  I am pretty sure godaddy allows multiple servers with the same domain.
0
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 1000 total points
ID: 38798993
The SSL cert for 'mail' can be used on multiple servers if they respond to that name either through load balancing or fail over addresses.
All you need to do is to export the key from the live server and import it onto the other one.

If the main server is also going to have a different cert 'legacy' this can be installed as long as it is for a different product on a different port.
If the 'mail' domain name was serving smpt and pop3 (ports 25 and 110) then you could install the 'legacy' cert on ports 80 / 443 to allow it to be a web server.  These names then would not clash at all.
If you need both names to operate on the same port - for example both running web servers then you will need a seperate IP for each name.  You can add these to the same server (as long as you have multiple public IPs to do this with)
0
 
LVL 49

Expert Comment

by:Akhater
ID: 38800586
for your case I will not advise you to use wildcard SSL all you need is 2 or 3 SAN

I would advise you to issue a new certificate with mail.domain.com and legacy.domain.com and autodiscover.domain.com and then install it on your 2 servers
0
 

Author Closing Comment

by:cajx
ID: 38851114
Thanks everyone. I ended up just moving the old Cert from old server to new, and then buying another cert for the old server to be "leagacy.mydomain.com". It worked out OK like that and I didn't need two certs on one server for what I needed to do.
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
The core idea of this article is to make you acquainted with the best way in which you can export Exchange mailbox to PST format.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question