0

I have 6 different micro services with an Azure Traffic Manager setup for each of them. The services are running in 3 different regions to improve their performance but I need to come up with the certificates for the Azure Traffic Manager.

I have seen that there are two options available in the Azure Portal: The Standard and the Wild Card. While the latter is much more expensive, I was wondering if the same SSL Certificate can be used in all my 6 services so in the end, I will save money.

All my sites are like this:

As you can see the, the domain is the same (I do not have any custom domain, just the by default trafficmanager.net), so I am wondering whether one certificate will be enough. I have not seen any information about the wildcard certificate and it is pretty expensive to just give it a try...

Also, is there any security concern if I use the same certificate for all the sites? Is there a best practice recommendation? 1 certificate per site vs. 1 certificate for multiple sites.

Lastly, if I decide to use Custom Domains in the future, will I be able to reuse the issued certificate? (the domain will not be trafficmanager.net anymore)

user3587624
  • 1,427
  • 5
  • 29
  • 60

1 Answers1

2

Actually, a valid SSL certificate must match the access FQDN domain name. One Standard certificate only could be used for one FQDN domain name, such as "foo1.trafficmanager.net" while one WildCard certificate could be used for all like "*.trafficmanager.net" FQDN domain name, so usually we use the same WildCard certificate for all different services.

If you use Custom Domains in the future, you need to deploy new certificate to match the new Custom domain.

You can get more details about SSL Certificate Names

Nancy
  • 26,865
  • 3
  • 18
  • 34
  • Thank you! I have not seen anything that says whether there is any limitation in terms of number of sites. I guess that as long as your site matches with the wild card subdomain, you can have as many as you want. Is that correct? Also, seems like it is important to decide whether or not you want to setup a Custom Domain beforehand, otherwise the certificate will not work at all... – user3587624 Nov 11 '18 at 22:11
  • You are correct, the site is unlimited only if the site hostname matched the wildcard domain or its subdomain. Yes, it is important to decide whether or not you want to setup a Custom Domain beforehand. – Nancy Nov 12 '18 at 01:53
  • It was! Marked as accepted. Apologies for the delay – user3587624 Nov 12 '18 at 17:34