Wildcard SSL / multiple domains
We need to be able to have multiple sub domains with individual AName DNS records pointing to the same server IP address and SSL encrypt traffic for these sub domains.
I believe what we need is a wildcard SSL certificate, and IIS will handle the headers for the relevant sub domains.
Our host is unsure if you can have multiple AName records for different subdomains pointing to the same IP address and use a single SSL certificate.
We think that's what a wildcard SSL certificate enables, but wanted to be sure before we purchase something if it doesn't do what we need.
All advice appreciated.
What's an AName record, do you mean a DNS A record?
Anyway, you can certainly have multiple DNS A records pointing to a single IP, unless there is some arbitrary restriction put on DNS by whomever is providing your domain DNS. How that will affect a wildcard SSL certificate, I have no clue. Maybe your cert vendor has some help on this.
It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
Doug is correct about having multiple "A" records point to a single IP; IIS will just use host header data to determine which site to route the HTTP traffic to. Wildcard SSL(s) simply let you purchase a signed SSL certificate for a top-level domain, which will allow you to use that SSL cert for subdomains. For instance, you may purchase a wildcard SSL for domain.com...and use that for mail.domain.com...buyit.domain.com...server1.sub.domain.com...etc.
If you don't need that feature, you could buy a standard SSL cert for a single domain name such as mail.domain.com, or www.mysite.com. I do believe though, either way, you'll have to purchase a unique SSL cert per top level domain.
Yes A record not C, sorry mixed up terminology, long day!
I have been told you cannot have separate single domain SSLs bound to same IP and to create additional IPs means a lot of messing about with routing tables, which the host would prefer not to do.
Yeah right, have you tried having a coherent conversation with GoDaddy or RapidSSL front line support?
Yesterday tried both, GoDaddy spent 10 minutes unable to find my account, so I gave up, I only wanted to ask a few questions about SSL, but the guy on the phone was only interested in finding our account on the system.
So I tried RapidSSL 'live chat', either they put someone who doesn't know what they are talking about on the front line and so they have to look up the answer before they can reply, or they are expected to have too many 'live chats' with too many people open at the same time and so trying to get a response in a reasonable time is impossible, pulling teeth would be quicker and easier! I gave up, closed the chat window and came and posted here instead!
Looks like wildcard SSL it is then, now I just need to find out how I create the request and where I apply the second level domain bit as we don't actually have a second level domain in IIS as we use sub domain www, with non-www as an additional alias.
Any guidance for doing this on IIS7?
Edit -> Managed to find my customer number with GoDaddy and so got through to someone who was very helpful, though 'sales' orientated trying to push the 3-year deal!
They have also offered to help with cert request generation and SSL install, so should be sorted once the new server is ready for configuration.
Last edited by 1DMF; May 23rd, 2012 at 05:01 AM.
Sounds like you've got it sorted out. If you have any questions let us know, but the process for installing certs is fairly straightforward, and from what I recall, when you purchase a cert from a place like GoDaddy or other, they provide you with installation instructions.
November 3rd, 2012, 03:08 PM
I think you do have the right idea. Wildcards for multiple subdomains, UCC for multiple domains on a single SSL certificate, thus single IP address.
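Added example, not part of the thread or any poster's code: a Python check that applies the standard wildcard rule (a `*` stands for exactly one left-most DNS label) to see which site host names a wildcard or UCC/SAN certificate would cover. It goes beyond the single wildcard case to any list of certificate names; the host names and certificate name lists are constructed samples, and the function names are hypothetical.

```python
# Added example: which host names does a certificate's name list cover?
# Only whole-label wildcards ("*.example") are handled; all data is constructed.

def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate DNS name (possibly '*.x.y') covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # '*' replaces only the left-most label; refuse overly broad '*.com'
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def coverage(cert_names, hosts):
    """Map each host to the first certificate name that covers it, or None."""
    return {h: next((n for n in cert_names if name_matches(n, h)), None)
            for h in hosts}


def uncovered(cert_names, hosts):
    """Hosts that would raise a name-mismatch warning with this certificate."""
    return sorted(h for h, n in coverage(cert_names, hosts).items() if n is None)


# Constructed site bindings, all served from one IP via host headers.
SITES = ["www.domain.com", "mail.domain.com", "buyit.domain.com",
         "domain.com", "server1.sub.domain.com", "www.mysite.com"]

# Constructed certificate name lists (subject alternative names).
WILDCARD_ONLY = ["*.domain.com"]
WILDCARD_PLUS_BASE = ["*.domain.com", "domain.com"]
UCC = ["www.domain.com", "domain.com", "www.mysite.com"]

if __name__ == "__main__":
    for label, names in [("wildcard only", WILDCARD_ONLY),
                         ("wildcard + base name", WILDCARD_PLUS_BASE),
                         ("UCC/SAN", UCC)]:
        print(f"{label}: {names}")
        for host, hit in coverage(names, SITES).items():
            print(f"  {host:24} {'covered by ' + hit if hit else 'NOT covered'}")
```

Running the same check against the names actually listed in an issued certificate, before binding it in IIS, shows up front which host headers (such as a non-www alias) need their own entry.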
March 4th, 2013, 05:11 AM
Yes, you can go with Wildcard SSL to secure your multiple sub domains which are hosted on same IP. For more information you can contact our certificate vendor ClickSSL.com