multi-site ssl certificate
https://stackoverflow.com/questions/4609921
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We have a complete white-label application where clients have pointed domain to our IP address. When request comes in, we check $_SERVER['HTTP_HOST'] and serve up application based on $_SERVER['HTTP_HOST'].
Is it possible to use a multi-site SSL cert for all of our clients?
Solution
This can be done in one of three ways:
- SNI with a unique certificate per domain (as noted in the techrepublic link)
- Wildcard certificate
- Single certificate, with a lot of subjectAltName entries
The downside of (1) is that it only works with certain browsers.
The downside of (2) is that you probably can't get a wildcard certificate from a trusted CA (and even if you do, *.com doesn't match www.foo.com).
The downside of (3) is that, every time your company gets a new client, you need a new certificate (with the new subjectAltName).
Personally, I'd go with (1).
OTHER TIPS
Yes - you'll want to make sure that you use a wildcard SSL certificate, but you should be good to go.
Yes, you need a unified communications certificate (uc certificate or SAN certificate) to handle multi-domains for multiple sites. Try SSL.com UCC (go to http://www.ssl.com/certificates/ucc or http://www.ssl.com/certificates/evucc for EV). Also, if you are running Windows, you may find SSLTools Manager for Windows useful - http://www.ssltools.com/manager.
