ASK SSL Support Desk – How Many Wildcard SSL Certificates Do I Need If I Have Multiple IPs?

What is Ask SSL Support Desk?
It is a summary of random questions that have come to the attention of Acmetek’s most awesome technical support reps, answered and shared for the SSL Support Desk’s SSL Library, which is designed to teach and educate the community.

Question:

One of my customers is looking to get some Wildcard SSL Certificates. They have one main domain and 30 to 40 subdomains across 3 different Internet Service Providers, and all the domains are tagged with all the ISPs for redundancy.

They are having Internet Service provision from BSNL, TATA and National Knowledge Network with respective individual IP addresses.

Please help me with what they should get. Can my customer buy one single Wildcard Certificate or 3 Wildcard Certificates for 3 individual IPs?

Short Answer:

Just one, technically.

The main thing to focus on with an SSL certificate is the domain names (Common Name). IPs are irrelevant when it comes to SSL certificates. All that matters is the domains and subdomains, and whether they are all under the same domain. With a wildcard certificate, *.domain.com, one SSL certificate can supply validation for the base domain domain.com and infinitely many subdomains, e.g. secure.domain.com, mail.domain.com, etc.

So ignore all the fuss about ISPs, redundancy, TATA, etc.

As long as the domain remains the same, they can take a single wildcard certificate keypair (SSL certificate public key and private key) and apply it to as many systems as they want, regardless of IPs, just as long as they use the same domain. So if they are only using one domain (domain.com), they would need just one wildcard, and would apply the certificate keypair to the systems that use that domain and require it.

If they have three different domains, then they would need to get three different wildcards.

The DigiCert Certificate Utility works best for wildcards, considering that wildcards never rest on one single system. It can be used to generate the CSR and then, after the certificate is installed back into the utility, to export it in the formats the server systems require.

One thing to note:

Not every ISP or server hosting company will allow wildcard certificates to be used on their systems. The reason is security. Wildcard certificates create a lot of flexibility, but if you take a wildcard certificate and apply it to a bunch of systems, every one of those systems holds the same private key, so you are essentially putting all of them at risk if one of them gets compromised by hackers. Double-check with those providers and see if wildcards are OK with their systems.

Second thing to note:

Some CAs may have licensing restrictions on how many domains or how many servers a wildcard certificate can be applied on. Consult your SSL certificate provider about whether any restrictions exist with your certificate.

Posted by:
Dominic Rafael
Senior Lead IT Engineer
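
An added example, not part of the original post or any Acmetek or DigiCert tool: a simplified version of the hostname check a TLS client performs, showing that the match is made against the names in the certificate and never against the server's IP. The SAN list, hostnames and documentation-range IP addresses are constructed, the listing of the base domain as its own SAN entry is an assumption, and the rule that `*` covers exactly one label follows standard wildcard matching (RFC 6125).

```python
# Added example: simplified TLS hostname matching for a wildcard certificate.
# All names and IP addresses below are constructed sample data.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one DNS name from the certificate covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # '*' stands for exactly one label
    if p[0] == "*":
        # Wildcard is honoured only as the entire left-most label.
        return h[0] != "" and p[1:] == h[1:]
    return p == h                         # plain names must match exactly

def cert_covers(sans, hostname: str) -> bool:
    """A certificate covers a host if any of its SAN entries matches."""
    return any(san_matches(s, hostname) for s in sans)

def check_endpoints(sans, endpoints):
    """The IP is kept for reporting only; it never enters the match."""
    return [(host, ip, cert_covers(sans, host)) for host, ip in endpoints]

# Assumed SAN list: the wildcard plus the base domain as a separate entry.
SANS = ["*.domain.com", "domain.com"]

# Same hostname published behind three ISPs (documentation-range IPs).
ENDPOINTS = [
    ("secure.domain.com", "192.0.2.10"),
    ("secure.domain.com", "198.51.100.10"),
    ("secure.domain.com", "203.0.113.10"),
    ("mail.domain.com", "192.0.2.25"),
    ("domain.com", "192.0.2.10"),
    ("a.b.domain.com", "192.0.2.10"),       # two labels deep: not covered
    ("www.otherdomain.com", "192.0.2.10"),  # different domain: not covered
]

if __name__ == "__main__":
    for host, ip, ok in check_endpoints(SANS, ENDPOINTS):
        print(f"{host:22} via {ip:15} -> {'covered' if ok else 'NOT covered'}")
```

Running it lists each constructed endpoint with the verdict; the three ISP addresses for secure.domain.com get the same result because only the hostname is compared.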