7

I have a question about SSL certs and multiple servers.

Question:

I have one cert, one domain name and I have many servers that hold my website code.

Example.com can point to IPs 192.168.1.1, 192.168.1.2,192.168.1.3, and 192.168.1.4. one for USA North, USA South, USA East, USA West.

  1. How do we apply this cert to that one domain name that can point to multiple IPs?
  2. Is a load balancing needed?
Kevin
  • 223
  • 3
  • 7

2 Answers2

8
  1. The IP address is not relevant for SSL/TLS on websites. What is important is that the name the browser uses (e.g. example.com) matches the name listed in the certificate. So, if you install the cert on many servers and somehow make sure you can reach them all with the same DNS name, things should work.
  2. Does your application require load balancing? Would something simpler like RRDNS work? Anycast DNS entries? You need to know this, we can't tell you.
Sven
  • 98,649
  • 14
  • 180
  • 226
  • Ah, so can one assign many ip address to a domain name entry? The questions are theoretical, I don't have a system i am setting up. I am just wondering how it works. – Kevin Jul 29 '15 at 15:23
  • 1
    Yes you can, but please read our [help]. SF is a site for pro admins and we only deal with actual, current problems you face in your daily work. – Sven Jul 29 '15 at 15:33
2

An SSL certificate issued on FQDN (fully qualified domain name), so it is essential that the common name in the certificate will be matched with browsing website URL.

Unlimited server licensing is an excellent feature that most certificate authorities are provided with an SSL certificate. It means that a single SSL certificate can work on multiple servers.

For instance, let’s say you are running an e-commerce website hosted on multiple servers and for that you need a single SSL certificate. You do not need to spend extra money for the individual SSL certificate.

How to apply?

While ordering SSL certificate, there is an option of choosing the number of servers that you wish to secure. Here, select the number of servers and complete the buying process. After getting the certificate, you have to install the certificate where the CSR was generated earlier.

Now export the certificate file with the private key and then import the certificate file and private key to additional selected servers.

Important Note:

If you go with the Symantec SSL certificate, the authority will charge for each additional server license.

Jason Parms
  • 272
  • 2
  • 5
  • 1
    The number of needed certificates does not matter and it does not matter on which machine the CSR has been created. – sebix Aug 01 '15 at 15:15