Portal Home > Knowledgebase > Articles Database > multiple servers, one cert, multiple domains on 1 IP
multiple servers, one cert, multiple domains on 1 IP
| Posted by scwhite2002, 01-10-2016, 12:55 PM |
| I would appreciate some input.
I have a reseller account at HG and some of our clients will be getting routine hosting accounts and some will have their sites served from a server in a data center located at another facility. The dedicated servers are running a multi-tenant web application serving all sites on one IP and the HG ones are on shared hosting.
I want to set all sites up on HG resell account and simply point DNS to my dedicated servers for those that use those web services. This seems to work fine and I was planning to install a Comoto UCC DL cert which covers multiple domains and then just pay the $ to add each customer that needs one. If I understand right I will have the main cert installed on my HG reseller domain and then I can install the same cert on my dedicated servers? HG requires that they install certs on their system but I assume I can install the add-on domains myself on the dedicated servers?
|
| Posted by Srv24x7, 01-12-2016, 10:22 AM |
| Hi,
The SSL should be installed on the webserver where the domain is actually present, not on the server where the DNS is hosted pointing it to webserver.
|
| Posted by scwhite2002, 01-12-2016, 11:21 AM |
| Hey thanks for responding. I do get that where the DNS is doesn't matter, I was just explaining the setup. My main domain at my reseller needs it installed, many of the clients serving from that system need it and each of my webservers need ssl for the domains they serve. The remote webservers have multiple domains pointing at a single IP on Apache and I am assuming the ones on the HG system will probably point to one IP as well.
I think I am getting it wrong though on the Comodo UCC cert. as it's stated for the exchange environment and it sounds like what I'm talking about doing wouldn't work.
So it is still really just a single cert per client? At least I can get a wildcard for the A record clients
I guess I will explore a shared one on the webservers as an option.
Last edited by scwhite2002; 01-12-2016 at 11:35 AM.
|
| Posted by DivinePrad, 01-13-2016, 01:54 AM |
| Normally SSL cert is for a single domain. If you get a wildcard cert, you can install it for all subdomains of that domain. For example, a wildcard cert applies to abc.domain.com, xyz.domain.com etc. It will not work for domain1.com , domain2.com etc.
If you need SSL installed for multiple domains, you should get certs for those domains. If you have SNI configured on the server, then all domains can have SSL on a single IP and it eliminates the needs for having dedicated IP for individual domains. If SNI is not present, then you would need dedicated IP for individual domains to install SSL. I do not know much about the UCC cert you mentioned, but I read it is for exchange environment.
|
| Posted by CodyRo, 01-13-2016, 02:03 AM |
| It's worth amending this statement (which is mostly true) to mention SAN (Subject Alternative Name) certificates. They're sort of a mix of an old school SSL certificate (protecting a single FQDN) and a wildcard (protecting several). Depending on the certificate it can protect several subdomains at once (IE: domain.com, www.domain.com, foo.domain.com, bar.domain.com).
|
| Posted by scwhite2002, 01-13-2016, 03:15 PM |
| Coming to the same conclusion Devine, wildcard for my main domain to pick up all A record clients and individual certs for each client domain installed on each remote server using SNI enabled server. I am assuming I can install the wildcard cert on my remotes as well. Almost all A record clients will be getting hosting from the remote servers, likely spread out over several.
Will check out SAN further Cody, thanks.
|
| Posted by Srv24x7, 01-15-2016, 10:13 AM |
| Hi,
You can use the wildcard for the server hostname and subdomain parts, but to use it for multiple domains, you will need a separate multidomain SSL. There are SSL provider like namecheap and rapidssl and many more those provide multidomain SSL by providing one CSR to them. This one SSL certificate when installed show a list of how many domain it covers and this could be helpful for you.
|
| Posted by MechanicWeb-shoss, 01-15-2016, 02:57 PM |
| Is that HostGator? If yes, you should be more concerned about your host than SSL. Run while you still have time. Just do a quick search regarding hostgator or EIG around the forums to know what they are!
After that, go for a SAN (multi-domain) SSL for multiple domains.
|
| Posted by scwhite2002, 01-16-2016, 01:37 PM |
| Thanks srv24 & Mechanic, that is what I am going to attempt. Do I get a separate ssl cert for each phy server and then have it cover the client domains on that server as I add them OR do I buy one for the main domain account and add domains to the master cert and install that multi-domain cert on each phy server? Most of them have a maximum # of domains. Do I simply buy an additional one when the max is reached and start adding the additional domains to the next one?
Hey MechanicWeb who do you recommend as a great reputable re-seller?
|
Add to Favourites 
Print this Article
Also Read
