Thread: SSL certificates for public web servers

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Location
    Reading, Berkshire
    Posts
    1,253
    Thanks
    64
    Thanked
    53 times in 34 posts
    • tfboy's system
      • Motherboard:
      • MSI X470 Gaming Plus
      • CPU:
      • AMD Ryzen 7 2700
      • Memory:
      • 2x8GB Corsair Vengeance LPX
      • Storage:
      • Force MP600 1TB PCIe SSD
      • Graphics card(s):
      • 560 Ti
      • PSU:
      • Corsair RM 650W
      • Case:
      • CM Silencio 550
      • Operating System:
      • W10 Pro
      • Monitor(s):
      • HP LP2475w + Dell 2001FP
      • Internet:
      • VM 350Mb

    SSL certificates for public web servers

    Hi, I'm trying to figure out the best / most flexible way of renewing an SSL certificate.

    Currently, I have one domain with an SSL certificate purchased via GoDaddy and provided via Starfish Tech. This is up for renewal.

    I would like to extend the certificate to cover multiple sub-domains.

    Looking at GoDaddy's site, I'm confused as they talk about "multiple domains (UCC)" and "single domains with multiple subdomains". The examples shown seem to be identical. Yet the names and prices are different.

    So bearing in mind I would like to have:
    subone.mydomain.com and subtwo.mydomain.com, what do you suggest? Those two sites are currently hosted on different VPSs, but I might add more VPSs or more subdomains within a given VPS (they're all running Apache on Linux).

    Suggestions of solutions or alternative providers welcome.

    I could use a self-signed certificate, but I don't want the hassle of people coming back to me saying "it looks insecure, Firefox complains", etc. I don't want to have to go to a proper level 2 certificate as it'll be more hassle with the company. All I need is to ensure data is encrypted.

    Thanks

  2. #2
    Jay
    Gentlemen.. we're history
    Join Date
    Aug 2006
    Location
    Jita
    Posts
    8,365
    Thanks
    304
    Thanked
    568 times in 409 posts

    Re: SSL certificates for public web servers

    I think Multi domains is

    domain name.com
    domain name.co.uk etc

    Subdomain

    anything.domain.com
    anything2.domain.com

    Multi is good if you have shared hosting with lots of domains on the one box, also good if you have lots of different domains on one Exchange box.
    □ΞVΞ□

  3. #3
    tfboy

    Re: SSL certificates for public web servers

    Thanks.

    In fact, to be precise, under the UCC header, it talks about SAN (Subject Alternative Names) which seems to be the same thing as multiple sub domains.

  4. #4
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,944
    Thanks
    171
    Thanked
    387 times in 314 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Dell U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC

    Re: SSL certificates for public web servers

    Quote: Originally Posted by tfboy
        Thanks.

        In fact, to be precise, under the UCC header, it talks about SAN (Subject Alternative Names) which seems to be the same thing as multiple sub domains.

    They call the certificates UCC because they are popular with Microsoft Exchange Unified Communications.
    For the UCC certificate, you will only get one certificate with the SAN field populated with alternative names. e.g. If you connect to www.foo.com, the browser gets the www.foo.com certificate. If you connect to webmail.foo.com, your browser sees the www.foo.com certificate. However the SAN field includes webmail.foo.com so the certificate is accepted.

    I believe for the other subdomain certificates, you will get one certificate for each subdomain, but I've yet to order one of those so cannot confirm nor deny that.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
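
Added example, not part of the thread: a simplified version of the hostname check a client applies to the SAN list, showing how an explicit-name (UCC) certificate and a wildcard certificate differ in what they cover. The SAN lists are constructed (the `foo.com` names come from the post above, `*.mydomain.com` is an assumed wildcard entry), and the matching rules are a reduced form of RFC 6125, not any browser's actual code.

```python
# Simplified SAN dNSName matching (reduced RFC 6125 rules), added for illustration.
# The SAN lists below are constructed sample data, not real certificates.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one dNSName SAN entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Accept "*" only as the whole left-most label, and refuse
        # patterns as broad as "*.com" (simplification: need >= 3 labels).
        if len(p_labels) < 3:
            return False
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p_labels == h_labels


def covered(san_dns_names, host: str) -> bool:
    """True if any SAN entry on the certificate covers the hostname."""
    return any(name_matches(p, host) for p in san_dns_names)


def coverage(san_dns_names, hosts):
    """Map each hostname to whether the certificate would be accepted for it."""
    return {h: covered(san_dns_names, h) for h in hosts}


# Constructed: a UCC/SAN certificate lists every name explicitly.
UCC_SANS = ["www.foo.com", "webmail.foo.com"]
# Constructed: a wildcard certificate covers one label under the domain.
WILDCARD_SANS = ["*.mydomain.com"]

if __name__ == "__main__":
    print(coverage(UCC_SANS, ["www.foo.com", "webmail.foo.com", "mail.foo.com"]))
    print(coverage(WILDCARD_SANS, ["subone.mydomain.com", "subtwo.mydomain.com",
                                   "mydomain.com", "a.subone.mydomain.com"]))
```

A name added later is not covered by an explicit-name certificate until it is reissued with that name in the SAN list; the wildcard entry covers new single-label subdomains but not the bare domain or deeper levels.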

  5. #5
    tfboy

    Re: SSL certificates for public web servers

    Thanks.
    With UCC, what happens when you want to add a new subdomain at a later date? Does the update / reissue of the cert mean that the previous version already installed on the existing servers becomes invalid? i.e. does an update revoke all previous versions?

  6. #6
    badass

    Re: SSL certificates for public web servers

    Quote: Originally Posted by tfboy
        Thanks.
        With UCC, what happens when you want to add a new subdomain at a later date? Does the update / reissue of the cert mean that the previous version already installed on the existing servers becomes invalid? i.e. does an update revoke all previous versions?

    There is no technical reason for that to happen. With Comodo I have used old certificates that have been superseded and they were not revoked.

    I'm not saying others will not revoke updated certificates, though.

    One thing that is important in this case:

    Make sure your certificate request and renewal process is refined, practised, documented and make sure a reminder flashes up on various calendars for renewal in advance. Certificate renewal is really easy for anyone to do when they follow prepared steps. It takes a lot longer if you don't have the process well documented and tested as you either pick up the pieces after a mistake or double check everything before and after each step.

  7. Received thanks from:

    tfboy (25-10-2011)

  8. #7
    tfboy

    Re: SSL certificates for public web servers

    Thanks. I did read that you cannot issue a certificate for a domain that already has one. In your case, maybe the re-issue implicitly revoked the previous ones and you didn't have to do it.

    It looks like I'll be sticking to a single domain cert anyway, so the wildcard questions are no longer that important.

    Thanks for answering though.

  9. #8
    tfboy

    Re: SSL certificates for public web servers

    I guess Zybros' response from this afternoon was soft deleted LOL.

    I think I'm fine now: StartSSL do free ones for a year, and that'll keep me going till next year.
