Is it possible to get one SSL certificate * .mysubdomain.example.com and mysubdomain.example.com

Question

Is it possible to get one SSL certificate * .mysubdomain.example.com and mysubdomain.example.com

Is it possible to get one SSL certificate *.mysubdomain.example.com and mysubdomain.example.com , I need it because I use 2 IP addresses on my dedicated server, but now I go to Azure on azure, we can not add two https endpoints. or another solution for azure I need two https endpoints

+3

ssl azure

Govind KamalaPrakash Malviya May 04 '12 at 4:47

source share

3 answers

Jonathan mcintire · Answer 1 · 2012-05-04T05:02:25+0000

You can purchase a wildcard SSL certificate that encrypts requests made at * .example.com. This will work for an unlimited number of third level subdomains. To include subdomains of the second level (example.com) and the fourth level (subforthlev.subthirdlev.example.com) or higher, you must find a certification authority (CA) that allows you to include several alternative object names (SANs) in the substitution certificate. Each third level domain must be manually added as a SAN.

Edit: I used DigiCert wildcard certificates several times, and I did not come across a browser or device that did not have their root certificate (see their compatibility list ). Wildcard DigiCert certificates allow you to protect an unlimited number of subdomains regardless of domain level. Excerpt from the first link:

DigiCert WildCard ssl certificates are unique, allowing you to protect any subdomain of your domain, including several levels of subdomains with one certificate. For example, your WildCard for * .digicert.com com may include server1.sub.mail.digicert.com as an alternate subject name.

Bruno · Answer 2 · 2012-05-04T08:25:26+0000

If you want your certificate to be valid for both *.mysubdomain.example.com and mysubdomain.example.com , it must have the name of an alternative object name.

The *.mysubdomain.example.com does not cover mysubdomain.example.com .

These rules are defined in RFC 2818 and refined in RFC 6125 :

  If the wildcard character is the only character of the left-most label in the presented identifier, the client SHOULD NOT compare against anything but the left-most label of the reference identifier (eg, *.example.com would match foo.example.com but not bar.foo.example.com or example.com).

In practice, this is really the way most browsers react.

However, it is likely that the CA issuing the substitution certificate for *.mysubdomain.example.com will also add the SAN for mysubdomain.example.com . Contact your CA.

Vitor ciaramella · Answer 3 · 2013-04-04T11:16:53+0000

You can use multiple SSL certificates and add them all to one endpoint, automating the process of installing certificates on a machine and adding HTTPS bindings to IIS.

IIS 8 (Windows Server 2012) supports SNI, which allows you to add a "hostheader" to the HTTPS binding.

I am a Microsoft technical technical consultant, and I posted a detailed explanation and sample plug and play source code: http://www.vic.ms/microsoft/windows-azure/multiples-ssl-certificates-on-windows-azure-cloud -services /

Is it possible to get one SSL certificate * .mysubdomain.example.com and mysubdomain.example.com

More articles: