#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2009
    Posts
    334
    Rep Power
    246

    Wildcard SSL / multiple domains


    hi,

    We need to be able to have multiple sub domains with individual AName DNS records pointing to the same server IP address and SSL encrypt traffic for these sub domains.

    I beleive what we need is a wildcard SSL certificate, and IIS will handle the headers for the relevant sub domains.

    Our host is unsure if you can have multiple AName records for different subdomains pointing to the same IP address and use a single SSL certificate.

    We think that's what a wildcard SSL certificate enables, but wanted to be sure before we purchase something if it doesn't do what we need.

    All advice appreciated.

    1DMF
    Free MP3 Dance Music Downloads

    To err is human; To really balls things up you need Microsoft!
  2. #2
  3. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    What's an AName record, do you mean a DNS A record?

    Anyway, you can certainly have multiple DNS A records pointing to a single IP, unless there is some arbitrary restriction put on DNS by whomever is providing your domain DNS. How that will affect a wildcard SSL certificate, I have no clue. Maybe your cert vendor has some help on this.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2004
    Doug is correct about having multiple "A" records point to a single IP; IIS will just use host header data to determine which site to route the http traffic to. Wildcard SSL(s) simply let you purchase a signed SSL certificate for a top-level domain; which will allow you to use that SSL cert for subdomains. For instance, you may purchase a wildcard SSL for domain.com...and use that for mail.domain.com...buyit.domain.com...server1.sub.domain.com...etc.

    If you don't need that feature, you could buy a standard SSL cert for a single domain name such as mail.domain.com, or www.mysite.com. I do believe though, either way, you'll have to purchase a unique SSL cert per top level domain.
  6. #4
  7. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2009
    Posts
    334
    Rep Power
    246

    What's an AName record, do you mean a DNS A record?
    Yes A record not C, sorry mixed up terminology, long day!

    I have been told you cannot have separate single domain SSL's bound to same IP and to create additonal IP's means a lot of messing about with routing tables, which the host would prefer not to do.

    Maybe your cert vendor has some help on this.
    Yeah right have you tried having a coherent conversation with GoDaddy or RapidSSL front line support?

    Yesterday tried both, GoDaddy spent 10 minutes unable to find my account, so I gave up, I only wanted to ask a few questions about SSL, but the guy on the phone was only interested in finding our account on the system.

    So I tried RapidSSL 'live chat', either they put someone who doesn't know what they are talking about on the front line and so they have to look up the answer before they can reply, or they are expected to have too many 'live chats' with too many people open at the same time and so trying to get a response in a reasonable time is impossible, pulling teeth would be quicker and easier! I gave up, closed the chat window and came posted here insead!

    Looks like wildcard SSL it is then, now I just need to find out how I create the request and where I apply the sencond level domain bit as we don't actually have a second level domain in IIS as we use sub domain www, with non-www as an additional alias.

    Any guidance for doing this on IIS7?

    Edit -> Managed to find my customer number with GoDaddy and so got through to someone who was very helpfull, though 'sales' orientated trying to push the 3year deal!

    They have also offered to help with cert request generation and SSL install, so should be sorted once the new server is ready for configuration.
    Last edited by 1DMF; May 23rd, 2012 at 05:01 AM.
    Free MP3 Dance Music Downloads

    To err is human; To really balls things up you need Microsoft!
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,408
    Rep Power
    2004
    Sounds like you've got it sorted out. If you have any questions let us know, but the process for installing certs is fairly straight forward, and from what I recall, when you purchase a cert from a place like GoDaddy or other, they provide you with installation instructions.
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    8
    Rep Power
    0
    I think you do have the right idea. Wildcards for multiple subdomains, UCC for multiple domains on a single ssl certificate, thus single ip address.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2013
    Posts
    2
    Rep Power
    0
    Yes, you can go with Wildcard SSL to secure your multiple sub domains which are hosted on same IP. For more information you can contact to our certificate vendor ClickSSL.com

IMN logo majestic logo threadwatch logo seochat tools logo