[PLUG] multiple ssl domains on apache - special case for wildcard cert

Sean Harbour sean at harbours.us
Wed Apr 27 01:54:01 UTC 2005


Well, in some special cases, you can use a wild card certificate. They cost about 3 x what a single name cert does, but are well worth it for where they apply. The trick is, wild card certs only work for subdomains. For instance, your domain is foo.com. You can purchase a wild card cert for *.foo.com. There are no IP address limitations to the certificate; it works for any valid DNS host name at foo.com. So, a.foo.com, b.foo.com, x.foo.com would all be valid hostnames with a single wild card certificate. You can put the same certificate on 1000 separate servers, or 1000 virtual domains on 1 server that all go to the same directory, and it will work fine.
One caveat is that they only work for one subdomain level below the registered name. a.foo.com is valid, but x.a.foo.com is not, unless you purchase another wild card cert specifically for *.a.foo.com to use with x.a.foo.com.

We use a single wild card certificate at work for our Apache, IIS and hardware SSL accelerators with no problems. Figuring out how to convert the certificate to work on each platform can be entertaining, but Google is your friend.

Wildcard certs are intended for enterprise use, and obviously cannot be used to cheaply encrypt just any random domain name agglomeration. Hope this helps.

Sean Harbour

> 
> > I would think this would be a fairly common question,
> > but much Googling has turned up nothing: How does one
> > install multiple SSL certs for multiple domains
> > pointing to the same directory on the same server? 
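
The one-level rule from the message above, as an added example that is not part of the original post: a check of which virtual host names a wildcard certificate name covers. It assumes the wildcard is the whole left-most label, and the hostnames are constructed from the foo.com example; it also shows that the bare name foo.com is not covered by *.foo.com.

```python
# Added example: which hostnames does a wildcard certificate name cover?
# Hostnames below are constructed from the foo.com example in the message.

def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` covers `hostname`.

    The wildcard is accepted only as the entire left-most label and
    stands for exactly one label, so it never spans a dot.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # Empty labels ("a..foo.com") are not valid DNS names.
    if "" in p_labels or "" in h_labels:
        return False
    # A wildcard stands for one label, so the label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Remaining labels must match exactly.
        return p_labels[1:] == h_labels[1:]
    # A "*" anywhere else is not treated as a wildcard here.
    if any("*" in label for label in p_labels):
        return False
    return p_labels == h_labels


def uncovered(cert_names, vhost_names):
    """Return the vhost names that none of the certificate names cover."""
    return [h for h in vhost_names
            if not any(wildcard_covers(p, h) for p in cert_names)]


if __name__ == "__main__":
    vhosts = ["a.foo.com", "b.foo.com", "x.a.foo.com", "foo.com"]
    for cert in (["*.foo.com"], ["*.foo.com", "*.a.foo.com"]):
        print(cert, "-> not covered:", uncovered(cert, vhosts))
```

Running the same check over the ServerName values of a server before installing the certificate shows which virtual hosts would produce a name-mismatch warning in browsers.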


