How many SSL certs do I need?

Posted on 2013-12-18
Last Modified: 2013-12-27
I will have a web application running on two web servers (load balanced), and the url will be something like I will also have a second url called I think I need 4 certs in total, one for each url on each server. Can anyone confirm this, and is there a better way to purchase a group of certs than just buying 4 individuals?
Question by:Brad212
  • 2

Expert Comment

Comment Utility
Depending on your budget, this may not be an option...

But I've always been a fan of a single wildcard certificate accross the domain.  That is, if it has the same root DNS.

In your case, instead of individual certs for or, you'd just get a * and install the same certificate on all of your load balanced servers.

You could also grab a single certificate with multiple hostnames inside it as well, which would be cheaper than the wildcard.  The problem I have with this approach, is that if any of your requirements change prior to the certificate expiring, and you need to add an additional host or something, you'll have to get yet another certificate.  - The wildcard cert is they way to go in my opinion.

But, it can get stupid expensive though.

I use these guys for my public certificates, and they're great:
LVL 13

Expert Comment

by:Andy M
Comment Utility
You can purchase just one certificate for this - a Multiple Domain (UCC) certificate. This allows you to have multiple domains (5-100) on the same certificate so you only have to configure once then just install this on each machine.

Expert Comment

Comment Utility
*On note, to boast about the wildcard cert, is that you wouldn't be limited to just web servers.

I use the same certificate on my web servers, exchange CAS boxes, and a couple other places.  So, although it's roughly $350 for a wildcard cert, I end up breaking even because I export the private key and install it on all of my boxes that require certificates in my domain for external access.  One-size fits all so-to-speak.
LVL 33

Accepted Solution

Dave Howe earned 100 total points
Comment Utility
One - for you put it on both servers, as after all, they are load balanced so will be reachable for the same url.

for actual certification isn't required, so self-issue a 10 year certificate, accept it in your browser, then forget about it :)

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now