Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How many SSL certs do I need?

Posted on 2013-12-18
Medium Priority
Last Modified: 2013-12-27
I will have a web application running on two web servers (load balanced), and the url will be something like production.domain.com. I will also have a second url called test.domain.com. I think I need 4 certs in total, one for each url on each server. Can anyone confirm this, and is there a better way to purchase a group of certs than just buying 4 individuals?
Question by:Brad212
  • 2

Expert Comment

ID: 39726534
Depending on your budget, this may not be an option...

But I've always been a fan of a single wildcard certificate accross the domain.  That is, if it has the same root DNS.

In your case, instead of individual certs for production.domain.com or test.domain.com, you'd just get a *.domain.com and install the same certificate on all of your load balanced servers.

You could also grab a single certificate with multiple hostnames inside it as well, which would be cheaper than the wildcard.  The problem I have with this approach, is that if any of your requirements change prior to the certificate expiring, and you need to add an additional host or something, you'll have to get yet another certificate.  - The wildcard cert is they way to go in my opinion.

But, it can get stupid expensive though.

I use these guys for my public certificates, and they're great:
LVL 14

Expert Comment

by:Andy M
ID: 39726539
You can purchase just one certificate for this - a Multiple Domain (UCC) certificate. This allows you to have multiple domains (5-100) on the same certificate so you only have to configure once then just install this on each machine.


Expert Comment

ID: 39726540
*On note, to boast about the wildcard cert, is that you wouldn't be limited to just web servers.

I use the same certificate on my web servers, exchange CAS boxes, and a couple other places.  So, although it's roughly $350 for a wildcard cert, I end up breaking even because I export the private key and install it on all of my boxes that require certificates in my domain for external access.  One-size fits all so-to-speak.
LVL 33

Accepted Solution

Dave Howe earned 400 total points
ID: 39726657
One - for Production.domain.com. you put it on both servers, as after all, they are load balanced so will be reachable for the same url.

for test.domain.com actual certification isn't required, so self-issue a 10 year certificate, accept it in your browser, then forget about it :)

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question