If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

 

Which certificate is needed for one domain name and different subdomains?

Started by sujitbikash, Nov 29, 2022, 09:48 AM

Previous topic - Next topic

sujitbikashTopic starter

This service caters to various clients who work with their own subdomains under a single domain. This is hosted on different physical servers accommodating multiple clients per server.

The question is whether it is feasible to obtain one SSL certificate for this system or if a separate wildcard SSL certificate is required for each server.

It should be noted that different keys are generated on each server. One suggestion was to duplicate the key on various servers to enable the use of a single certificate.

Have you encountered a similar situation and attempted this solution?
  •  

cassie_camay

A Single Wildcard certificate would suffice your requirements. It provides support for an unlimited number of servers.

What this means is you generate a CSR request and key on one server, and the original certificate will be issued. Subsequently, when you generate a CSR request and key from another web server, the current one will be reissued to you. However, both the first and its issued duplicate with a different CSR and key will continue to work, irrespective of the number of times you opt to reissue.
  •  

eaststpauldentist

Generally, single domain certificates are the norm. However, one can opt for Wildcard or SAN certificates, which are relatively costly but offer protection for multiple domains.

Wildcard certificates safeguard the domain and all subdomains of the same level. For instance, if a certificate is ordered for the domain "domain.ru", it will also provide protection for subdomains such as "mail.domain.com" or "service.domain.com".

On the other hand, a single SAN certificate has the capability of securing up to 100 different domains across one or more servers.
  •  

tinjuashok

In your case, if each client has their own subdomain under a single domain and each subdomain is hosted on a different physical server, it would be more practical to obtain a separate wildcard SSL certificate for each server. This is because wildcard SSL certificates are typically issued for a specific domain and its subdomains.

Duplicating the same key across multiple servers may not be recommended as it could pose potential security risks. It's generally best practice to generate unique keys for each server to ensure the highest level of security.

In a scenario where you have multiple clients with their own subdomains hosted on different physical servers, there are a few considerations to keep in mind when it comes to SSL certificates.

1. Wildcard SSL Certificate: A wildcard SSL certificate can secure multiple subdomains under a single domain. If all the subdomains you need to secure follow a specific pattern, such as client1.example.com, client2.example.com, etc., then a wildcard SSL certificate for *.example.com could be a suitable option. This certificate would cover all the subdomains, regardless of the server they are hosted on.

2. Server-Specific Certificates: If the subdomains are not organized in a uniform pattern or if you need separate keys for each server, you may need to obtain separate SSL certificates for each server. In this case, individual SSL certificates for each subdomain or server-specific SSL certificates would be necessary.

3. Key Duplication: Duplicating the same private key across multiple servers is not generally recommended. Each server should have its own unique private key to maintain the security and integrity of the SSL certificate. Sharing a private key among multiple servers increases the risk of compromise, as a breach on one server would affect all the others sharing the same key.

Ultimately, the choice between a wildcard SSL certificate and separate certificates for each server depends on your specific requirements, budget, and the structure of your subdomains. It's advisable to consult with a trusted SSL certificate provider or an experienced professional to determine the best approach for your particular situation.
  •  


If you like DNray forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...