Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How many SSL certs do I need?

Posted on 2013-12-18
4
Medium Priority
?
511 Views
Last Modified: 2013-12-27
I will have a web application running on two web servers (load balanced), and the url will be something like production.domain.com. I will also have a second url called test.domain.com. I think I need 4 certs in total, one for each url on each server. Can anyone confirm this, and is there a better way to purchase a group of certs than just buying 4 individuals?
0
Comment
Question by:Brad212
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 5

Expert Comment

by:usslindstrom
ID: 39726534
Depending on your budget, this may not be an option...

But I've always been a fan of a single wildcard certificate accross the domain.  That is, if it has the same root DNS.

In your case, instead of individual certs for production.domain.com or test.domain.com, you'd just get a *.domain.com and install the same certificate on all of your load balanced servers.

You could also grab a single certificate with multiple hostnames inside it as well, which would be cheaper than the wildcard.  The problem I have with this approach, is that if any of your requirements change prior to the certificate expiring, and you need to add an additional host or something, you'll have to get yet another certificate.  - The wildcard cert is they way to go in my opinion.

But, it can get stupid expensive though.

I use these guys for my public certificates, and they're great:
https://ssl.comodo.com/index.php
0
 
LVL 14

Expert Comment

by:Andy M
ID: 39726539
You can purchase just one certificate for this - a Multiple Domain (UCC) certificate. This allows you to have multiple domains (5-100) on the same certificate so you only have to configure once then just install this on each machine.

http://support.godaddy.com/help/article/3908/what-is-a-multiple-domain-ucc-ssl-certificate
0
 
LVL 5

Expert Comment

by:usslindstrom
ID: 39726540
*On note, to boast about the wildcard cert, is that you wouldn't be limited to just web servers.

I use the same certificate on my web servers, exchange CAS boxes, and a couple other places.  So, although it's roughly $350 for a wildcard cert, I end up breaking even because I export the private key and install it on all of my boxes that require certificates in my domain for external access.  One-size fits all so-to-speak.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 400 total points
ID: 39726657
One - for Production.domain.com. you put it on both servers, as after all, they are load balanced so will be reachable for the same url.

for test.domain.com actual certification isn't required, so self-issue a 10 year certificate, accept it in your browser, then forget about it :)
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question