-1

I need to secure a domain example.com and subdomains, dash.example.com, sql.example.com, etc...

I didn't set up the server so I don't really know the DNS entries. As you may notice I'm really new to this. I noticed that example.com and the subdomains dash.example.com, sql... don't have the same IP address and not the same web host. So are they really subdomains?

Can I still purchase a certificate for www.example.com and use ServerAlias of virtual host of Apache to secure the subdomains? Or should i purchase a wildcard certificate for *.example.com and somehow add example.com to the virtualhost?

It may be a bit confusing as I don't really know what i'm talking about so please understand!

Tim Brigham
  • 15,545
  • 10
  • 75
  • 115
Sebastien
  • 33
  • 1
  • 6
  • Yes, they're still subdomains if they're hosted on different servers. This is common. In fact, it's common for a *single* domain like `www.facebook.com` to be handled by thousands of different servers. – ceejayoz Jul 22 '14 at 17:43

2 Answers2

1

  1. Yes, they are really subdomains - subdomain should not neccesary sit on the same IP.

  2. You will need two certificates: one for example.com, second for *.example.com, and mind that * does not include a dot - so, bought *.example.com will not help you so use SSL with subdomain.subdomain.example.com

Some providers use SubjectAltName - then you can use one certificate with example.com and *.example.com

maniaque
  • 730
  • 2
  • 6
  • 13
0

Certificates can be mapped in just about any combination you may need.

I noticed that example.com and the subdomains dash.example.com, sql... don't have the same IP address and not the same web host.

Based on this description you will need at least two certificates, one for example.com and the other a wildcard for *.example.com. Depending on your exact situation - notably if all of these are running on the same server or not - it may be cheaper to purchase individual host names. Many vendors license your SSL certificates by the number of servers they are installed on.

Can I still purchase a certificate for www.example.com and use ServerAlias of virtual host of Apache to secure the subdomains? Or should i purchase a wildcard certificate for *.example.com and somehow add example.com to the virtualhost?

Ideally you don't want to change any of the existing virtual host directives but add duplicates for them, mapped to the correct HTTPS port (443).

For example:

<VirtualHost ipaddress:80>
    ServerName example.com
    .... <your existing definition> 
</VirtualHost>

You copy this to a new block like the following. 

<VirtualHost ipaddress:443>
    ServerName example.com
    ....
    SSLProxyEngine on
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
Tim Brigham
  • 15,545
  • 10
  • 75
  • 115