We have a domain, littledogs.com, and a subdomain, pics.littledogs.com. These two domains point to two servers. The business login is on server A (littledog.com) and we store all of our pictures on server B (pics.littledog.com). We bought an EV SSL for littledogs.com, but we want another for the other server too, because we want to provide the image links with https. The EV SSL that we have doesn't have wildcard support. So what is the solution?
2 Answers
From https://www.digicert.com/extended-validation-ev-ssl.htm:
Fortunately, while EV wildcards are not permissible (due to the requirements put forth for the issuance of EV certificates by the CAB forum, which regulates the use and issuance of EV certificates), many similar functions can be attained with the use of subject alternate names.
Thus, either get a single EV certificate which includes all the names you need or get multiple EV certificates.

Thanks. So I need a new cert for the subdomain, EV is not necessary for that server. – Roberto Oct 28 '15 at 11:57
Correct. EV is not needed. – Chase Oct 28 '15 at 19:48
Certs, unless they are wildcard certs, are only valid for the specific domains.
EV certs cannot have wildcards.
You need another cert for the other domain, or you need to request a change to your EV cert to include that subdomain.
As no one will go to your subdomain directly, it's probably pretty pointless to spend the extra for an EV cert for that domain (unless your current cert provider will add that subdomain to your current cert and reissue it for a reasonable price). You could even get a free cert for this subdomain from a few providers (keep an eye on LetsEncrypt btw which is a very new provider which aims to offer free DV certs automatically).
On a separate, but related issue, domain sharding (i.e. having a separate domain for assets like pictures) has some benefits and also some downsides. The primary benefit is that it can have performance benefits (as web browsers can open more connections to that domain to download in parallel), but the downsides include some performance hits (as connection opening and SSL negotiation take time and resources). HTTP/2 removes the performance benefit, so after that becomes more mainstream I would see sharding dropping out of use.

But HTTP/2 didn't remove the biggest benefit of using subdomains - each subdomain can be on separate servers. You can sit example.com on a big application server and static.example.com can point to a CDN to serve static content (images, css and so on). It is possible to do with some proxy on example.com, but separating on DNS level is better in my point of view. – Ondra Sniper Flidr Oct 28 '15 at 13:30
Arguable whether that's "the biggest benefit". For me the biggest benefit is the extra connections you allow the browser to make as the number of connections is limited by browser per domain/subdomain. The fact you have to create separate domains to up the number of connections to get better performance is a hack which HTTP/2 solves. CDN can still be used from one server with appropriate cache control headers for the static content. – Barry Pollard Oct 28 '15 at 13:56
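The name-coverage rule both answers rely on can be checked mechanically. The following is an added example, not code from either answer: a simplified dNSName matcher in the style of RFC 6125, run against the two hostnames from the question. The certificate labels and SAN lists are constructed for illustration, and real clients apply further checks (public suffix handling, IDNs) that are left out here.

```python
# Added example: which certificate layouts cover which hostname.
# Simplified RFC 6125-style dNSName matching; SAN lists are constructed.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def san_entry_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so the depth must agree.
        return False
    if p[0] == "*":
        # Wildcard is honoured only as the complete leftmost label, and only
        # with at least two fixed labels after it (simplifying assumption).
        return len(p) >= 3 and "*" not in ".".join(p[1:]) and p[1:] == h[1:]
    # Any other use of '*' (e.g. "f*o.example.com") is rejected outright.
    return "*" not in pattern and p == h

def cert_covers(san_list, hostname):
    """A certificate is valid for a host if any SAN entry matches it."""
    return any(san_entry_matches(entry, hostname) for entry in san_list)

# Constructed SAN lists for the options discussed in the answers.
CERTS = {
    "current EV cert, single name": ["littledogs.com"],
    "reissued EV cert with extra SAN": ["littledogs.com", "pics.littledogs.com"],
    "separate DV cert for server B": ["pics.littledogs.com"],
    "DV wildcard (not issuable as EV)": ["*.littledogs.com"],
}
HOSTS = ["littledogs.com", "pics.littledogs.com"]

def coverage_table():
    """Map each certificate label to {hostname: covered?}."""
    return {label: {host: cert_covers(sans, host) for host in HOSTS}
            for label, sans in CERTS.items()}

if __name__ == "__main__":
    for label, row in coverage_table().items():
        cells = ", ".join(f"{h}={'yes' if ok else 'NO'}" for h, ok in row.items())
        print(f"{label:34} {cells}")
```

Note that the wildcard entry covers pics.littledogs.com but not the bare littledogs.com, so a wildcard certificate normally lists the apex name as an additional SAN.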