Tim

SAN address on SSL certificate

I would like to know how to configure my network to get a SAN name to work on my network. I have an SSL for our Exchange server at address mail.mydomain.com and it has been working properly the whole time. I needed to get an additional SSL for a web application for mobile devices. I created a SAN on our current SSL and it is web.mydomain.com. I went to our domain registrar and created a DNS entry pointing to a public address which is NAT'ed to an address on our LAN. The ports for the Web address have been opened; however, the port is 3443 instead of 443. When I try to go to that address, the address does not resolve to port 3443, and when I manually put the port in, the certificate comes back stating "None of the common names in the certificate match the name that was entered (web.mydomain.com)". What am I missing? Do I need to make an entry on my DNS server for my domain? Do I need to make a modification on my registrar DNS?
Sean Jackson

Can you confirm you have a Wildcard certificate? Only Wildcard certs can be used for multiple subdomains.
Tim (ASKER)

I do not have a wildcard certificate and I don't know if I can have one. The reason I don't know if I can have one is that we have a business website that uses www.mydomain.com hosted by another company and if I make a *.mydomain.com wildcard certificate I don't want to cause confusion on the web with a certificate that covers both www and mail, web. Can I create a wildcard certificate and not cause confusion? The host company purchased an SSL for the WWW domain and I have an SSL for mail and web.

Then that's your problem. You'd need a cert for mail.yourdomain.com and for web.yourdomain.com. A wildcard cert will work for *.yourdomain.com. With SANs, those need to be identified when the certificate is issued. If you wanted to add a new name to the cert, you would have to reissue it with the new name in it.
Tim (ASKER)

If I make a Wildcard cert will it affect the cert that has www.mydomain.com? I cannot bring down our retail website so I want to make sure.
Tim (ASKER)

I was just speaking with GoDaddy and a wildcard cert is way too much for just two addresses. How can I configure my domain to use the certificate I already have to secure both sites?
Tim (ASKER)

What's the point of a SAN if you can't use it on a different server in the same domain? I am going to have to use a self-signed SSL until I get this SAN issue figured out.

I've only seen SAN certs work for an ISP-type situation where they are wanting to offer discounted SSL. Terrible idea, but that's where they're most effective, or somewhere a blogger has three different domains or something.

What you're looking for (changing the subdomain) requires the wildcard cert, which is expensive (as you've seen). It's all about the FQDN.
Tim (ASKER)

Darn! I have gone down the wrong path. Thanks, Dave, for clearing up what a SAN can do, and thank you, Sean, for trying to help me out with this situation. I gave points to both of you, but Sean got more since he provided more help. Thanks for all your input.
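
The name-mismatch error quoted in the question can be narrowed down by reading which names the certificate served on a given host and port actually lists. The following is an added example, not code from any poster in this thread; the function names and the two sample certificate dicts are constructed for illustration, and the matching follows the usual rule that a `*` covers exactly one left-most label.

```python
import socket
import ssl

# Constructed getpeercert()-style dicts, not taken from a real server.
CERT_MAIL_ONLY = {"subjectAltName": (("DNS", "mail.mydomain.com"),)}
CERT_REISSUED = {"subjectAltName": (("DNS", "mail.mydomain.com"),
                                    ("DNS", "web.mydomain.com"))}


def san_dns_names(cert):
    """DNS entries of subjectAltName from an ssl.getpeercert() dict."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(pattern, host):
    """Compare one certificate name with a host name, label by label.

    '*' is honoured only as the whole left-most label and stands for exactly
    one label: *.mydomain.com covers web.mydomain.com, but not mydomain.com
    or a.b.mydomain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covering_names(cert, host):
    """SAN entries that cover host; an empty list is a name mismatch."""
    return [n for n in san_dns_names(cert) if name_matches(n, host)]


def fetch_cert(host, port, timeout=5.0):
    """Return the certificate dict presented by host:port.

    Chain validation stays on; only the hostname check is disabled so that a
    certificate with the wrong names can still be read and inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("mail only", CERT_MAIL_ONLY), ("reissued", CERT_REISSUED)):
        print(label, covering_names(cert, "web.mydomain.com"))
```

Against a live listener, `covering_names(fetch_cert("web.mydomain.com", 3443), "web.mydomain.com")` shows whether the service on that port is presenting a certificate that includes the name.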