Solved

How many SSL certs do I need?

Posted on 2013-12-18
4
500 Views
Last Modified: 2013-12-27
I will have a web application running on two web servers (load balanced), and the url will be something like production.domain.com. I will also have a second url called test.domain.com. I think I need 4 certs in total, one for each url on each server. Can anyone confirm this, and is there a better way to purchase a group of certs than just buying 4 individuals?
0
Comment
Question by:Brad212
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:usslindstrom
ID: 39726534
Depending on your budget, this may not be an option...

But I've always been a fan of a single wildcard certificate accross the domain.  That is, if it has the same root DNS.

In your case, instead of individual certs for production.domain.com or test.domain.com, you'd just get a *.domain.com and install the same certificate on all of your load balanced servers.

You could also grab a single certificate with multiple hostnames inside it as well, which would be cheaper than the wildcard.  The problem I have with this approach, is that if any of your requirements change prior to the certificate expiring, and you need to add an additional host or something, you'll have to get yet another certificate.  - The wildcard cert is they way to go in my opinion.

But, it can get stupid expensive though.

I use these guys for my public certificates, and they're great:
https://ssl.comodo.com/index.php
0
 
LVL 13

Expert Comment

by:Andy M
ID: 39726539
You can purchase just one certificate for this - a Multiple Domain (UCC) certificate. This allows you to have multiple domains (5-100) on the same certificate so you only have to configure once then just install this on each machine.

http://support.godaddy.com/help/article/3908/what-is-a-multiple-domain-ucc-ssl-certificate
0
 
LVL 5

Expert Comment

by:usslindstrom
ID: 39726540
*On note, to boast about the wildcard cert, is that you wouldn't be limited to just web servers.

I use the same certificate on my web servers, exchange CAS boxes, and a couple other places.  So, although it's roughly $350 for a wildcard cert, I end up breaking even because I export the private key and install it on all of my boxes that require certificates in my domain for external access.  One-size fits all so-to-speak.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 100 total points
ID: 39726657
One - for Production.domain.com. you put it on both servers, as after all, they are load balanced so will be reachable for the same url.

for test.domain.com actual certification isn't required, so self-issue a 10 year certificate, accept it in your browser, then forget about it :)
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
performance tune IIS 10 on win 2016 that only runs one website 4 178
Decrypt string by php 7 69
Linux MD5 Hash 7 67
Securing WEBAPI on Azure 2 28
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question