We are developing software for a client, whose primary domain will host our software on a subdomain. Our concern is whether the SSL certificate of the main domain will cover the subdomain and enable it to operate over https.

To answer this:
1. If the SSL certificate exists for the main domain (e.g. example.com) and is accessible over https, will the certificate also be applied to all subdomains, such as usb.example.com?
2. If the subdomains are hosted on another server, will the SSL certificate still work?
3. What configuration changes must be made to ensure the SSL certificate works on the subdomain hosted on another server?
In cases where an SSL certificate is necessary for both the main domain and its subdomains, how can it be obtained?

As developers of the software, but without ownership of the domain, how can we acquire an SSL certificate for the subdomain?

I am open to any feedback.

Wildcard certificates, which must be agreed upon in advance, allow for broad coverage across subdomains. However, it's important to note that a wildcard certificate does not apply to the root domain. For example, a certificate issued for *.server.net will not work for server.net.

Having the certificate physically located on another server will prevent its use.

In cases where each subdomain is hosted on a separate server, obtaining a distinct certificate for each subdomain is necessary.

The type of verification requested by the certificate plays a large role in determining who can obtain it. With minimal verification, anyone can get it, but with confirmation, it is preferred that the client obtains the certificate.

1. Generally, certificates are only issued for a single domain; occasionally they may be issued for both a domain and its www subdomain.
2. As stated in the previous point, separate certificates must be obtained. However, it's not difficult to transfer the public and private keys to another server. The most important thing is that the certificates are issued for the correct domain or subdomain, regardless of where they are located.
 
3. It would be wise to determine which certificates are necessary before proceeding. If free certificates suffice, then services like https://letsencrypt.org/ can be utilized.
 
4. Certainly, you can make use of copyrighted material if you obtain permission from the copyright owner.

The protection of domains and subdomains depends on the type of certificate used for the primary domain. Typically, Comodo PositiveSSL or similar certificates are designed to protect only one domain. However, if a Wildcard certificate is used, the main domain and its subdomains will be protected at "deep" level 1. For example, subdomains such as mail.my.chamomile.com and base.my.chamomile.com will be protected.

If a Multidomain certificate is used, all necessary domains and subdomains will be protected, but each subdomain will need to be specified as an independent domain, which can be costly and not profitable as additional fees apply. It's important to note that RapidSSL Wildcard may only work with a specific type of main domain.

To ensure protection, the Wildcard certificate needs to be installed on all servers where domains and subdomains are located. When ordering a certificate, separate certificates for the domain and each subdomain will be required if using Comodo PositiveSSL. On the other hand, if a Wildcard certificate is used, the domain and all subdomains must be specified when placing the order.

Alternatively, as a contact person with access to the necessary mailboxes and information about the company, you can make an order for a certificate. In any case, the client will be the owner of the certificate.

I will answer your questions regarding SSL certificates for subdomains.

1. If the SSL certificate exists for the main domain (e.g. example.com) and is accessible over https, the certificate may or may not cover subdomains such as usb.example.com. This depends on the type of SSL certificate obtained. A wildcard SSL certificate, indicated by an asterisk in the subdomain field (e.g. *.example.com), will cover all subdomains under the main domain. However, a standard SSL certificate will only cover the specific domain it was issued for and not its subdomains.

2. If the subdomains are hosted on another server, the SSL certificate for the main domain can still work. The certificate needs to be installed on the server hosting the subdomain to enable https communication. However, this requires access to the SSL certificate and the server configuration for the subdomain.

3. To ensure the SSL certificate works on the subdomain hosted on another server, the certificate should be installed on that server and the server configuration should be updated to use the certificate for the subdomain.

If an SSL certificate is necessary for both the main domain and its subdomains, you can obtain a wildcard SSL certificate that covers all subdomains under the main domain as mentioned earlier. Another option is to get a multi-domain SSL certificate where you can specify the main domain and its subdomains during the certificate issuance process.

As developers without ownership of the domain, you can request the domain owner to obtain an SSL certificate for the subdomain. Alternatively, you can consider using Let's Encrypt, a certificate authority that offers free SSL certificates, to secure the subdomain. Keep in mind that you will need cooperation from the domain owner to install the SSL certificate on the server hosting the subdomain.


If the SSL certificate exists for the main domain and does not cover subdomains, you can request the domain owner to acquire a new SSL certificate that includes the specific subdomain. Alternatively, if the subdomain is hosted on a separate server, you may need to consider obtaining a separate SSL certificate for that server or exploring wildcard SSL certificates to cover all subdomains.

When subdomains are hosted on another server, the SSL certificate for the main domain can still work, but it needs to be transferred and installed on the server hosting the subdomain. This requires coordination with the server administrator. Additionally, the DNS records for the subdomain need to be configured to point to the server where the SSL certificate is installed.

To obtain an SSL certificate for the subdomain as a developer without ownership of the domain, you can make use of certificate authorities like Let's Encrypt, which provide free SSL certificates. However, installation of the certificate will require cooperation from the domain owner or administrator to modify server configurations.

Another option is to leverage services provided by web hosting companies or SSL certificate vendors that offer SSL management tools. These tools often have options for acquiring and managing SSL certificates for subdomains, and they may provide APIs or integration methods that allow you to automate the SSL certificate acquisition and installation process.