6

I bought a plain ole SSL cert for mydomain.com. I also want to secure www.mydomain.com and mail.mydomain.com, which both map to the same server. Is this possible?

I'm trying to avoid having to buy a wildcard SSL as it costs $200 when all I really need is two subdomains.

Matias Nino

5 Answers

6

Yes, you should be able to buy a "multidomain" certificate that lists both example.com and www.example.com in the subjectAltName. If your SSL provider can't / won't provide you with a multidomain certificate, find another provider. Be warned: like all SSL certificate things, they're a monster freaking scam, and you'll want to steel yourself for the price hike for adding a second related name to a certificate... it's freaking ridiculous.

Oh, one thing: I recently noticed that one of the companies we resell certs from automatically provides certificates for example.com with the www.example.com altname built-in, for no extra cost. I'd never seen it before, but someone's doing it, so it might be worth looking around.

womble
3

Sure, I don't see why a CA won't sign one for enough money.

I think the real question is can you support multiple SSL certificates? You can only use 1 SSL certificate per IP, not hostname.
You say you have multiple hostnames pointing to the same machine. In order for each subdomain to have a separate SSL certificate, each subdomain needs to be on a separate IP.

Will the CA be willing to "lump" all the domains into a single certificate so you can serve the same certificate for multiple domain names? I can't think of one, but it can be done.

Natalie Adams
  • It is definitely possible to have multiple domains hosted at one IP address each with their own SSL cert installed. – akronymn Sep 04 '19 at 19:02
  • This was written about 10 years ago. Back then it was a crapshoot if your browser/client supported SNI. Records show that Microsoft doesn't support SNI on IE on Windows XP (which was the dominant OS at the time). Chrome didn't support it until 2010. Those were dark times back then. – Natalie Adams Sep 15 '19 at 18:06
1

Wildcard certs are actually a newer concept than certs which are limited to just a few domains.

You might even be able to get a single cert which has both listed, but it depends on the application to accept this without warning about it.

Michael Graff
1

When the cert authority makes a cert they can define multiple domains or subdomains.

You can view the details of your cert and look under Subject Alternative Name to see if your cert supports multiple names.

DNS NAME=mydomain.com
DNS NAME=www.mydomain.com

The base name and the www name are typically included. You can ask the cert authority to reissue the cert with more subdomains, or buy specific ones.

Jack B Nimble
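An added example, not part of any of the answers here: given the DNS names read from a certificate's Subject Alternative Name field, it reports which of the hostnames from the question the certificate covers, for a base-only, base-plus-www, multi-domain and wildcard certificate. The function names and the sample SAN lists are constructed for illustration, and the wildcard handling is a simplified form of the rule modern TLS clients apply.

```python
# Added example: which hostnames does a certificate's SAN list cover?

def _labels(name):
    # Compare names case-insensitively and ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname.

    A '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so '*.mydomain.com' covers 'www.mydomain.com' but
    not 'mydomain.com' or 'a.b.mydomain.com'.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Simplification: require at least two fixed labels so '*.com' never
        # matches (real clients consult a public-suffix list instead).
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial ('w*.') or non-leftmost wildcards are rejected
    return p == h

def covered(san_entries, hostname):
    return any(san_matches(entry, hostname) for entry in san_entries)

def coverage_report(san_entries, wanted):
    return {host: covered(san_entries, host) for host in wanted}

# Constructed inputs: the three names from the question and four SAN lists.
WANTED = ["mydomain.com", "www.mydomain.com", "mail.mydomain.com"]
CERTS = {
    "base only": ["mydomain.com"],
    "base + www": ["mydomain.com", "www.mydomain.com"],
    "multi-domain": ["mydomain.com", "www.mydomain.com", "mail.mydomain.com"],
    "wildcard only": ["*.mydomain.com"],
}

if __name__ == "__main__":
    for label, sans in CERTS.items():
        report = coverage_report(sans, WANTED)
        missing = [host for host, ok in report.items() if not ok]
        print(f"{label:14} not covered: {', '.join(missing) or 'none'}")
```

The wildcard-only list leaves the bare mydomain.com uncovered, which is why wildcard certificates normally list the base name as a second SAN entry.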
1

Seems like at ~$10/year, you could get a single SSL cert for each (sub)domain you wish to support. Traditionally, each SSL host required a distinct IP address due to SSL's connection setup sequence, but I hear that Server Name Indication support (http://en.wikipedia.org/wiki/Server_Name_Indication) can be used in servers like Apache and nginx to provide "virtual hosting for HTTPS" via one IP address. The hangup will be in your user's browser... older ones like IE6 don't support SNI well.

user26907