Wildcard Sub-Domain SSL Cert

Having not purchased a wildcard sub-domain SSL cert in the past, I wanted to do a sanity check before plopping down $200 on it... and I figured I'd put it here so others can take advantage of it in the future :-)

My two questions are:

  1. When generating the CSR -- what should the server name be set to? Would that be something like: *.example.com (i.e., do I use a literal asterisk character in the name?)

  2. If I have multiple servers on the Net all with the same domain name -- server1.example.com, server2.example.com, server3.example.com, etc. -- can that same wildcard SSL Cert and Key be copied across all the servers without issue?

Status: Closed (fixed)

Comments

Depends on who your SSL issuer is. Some CAs issue wildcard certs that are limited to only a single host (Thawte, for example), while others allow you to use your cert on as many hosts as you want (DigiCert is a good example). But there are other tradeoffs: most issuers that allow unlimited hosts are not direct root CAs, and you need to install a chain certificate, so the setup is a little more complex (see the SSL info for https://fatbox.ca for an example of the chained cert).

As for your CSR, you will need to put *.domain.com as the common name, with the literal asterisk.

Hope this helps.

PS. If you choose to go with DigiCert and feel like using my affiliate links, let me know :)

Yes, you should enter *.domain.com as the hostname in the CSR.

Since the CSR doesn't have any IP address in it that would tie it to a particular machine, the cert should work fine if copied to other systems hosting sites under the same DNS domain.

Automatically closed -- issue fixed for 2 weeks with no activity.
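
The CSR step discussed in this thread, as an added example that is not part of the original posts: it generates a key and a CSR whose common name is the literal `*.example.com`, then checks what the CSR actually requests and that a key/CSR pair belong together before the files are copied to other servers. Assumptions: the `openssl` command-line tool is installed, `example.com` and the file names are placeholders, the function names are made up for this example, and the extra SAN entry for the bare domain is only useful if your CA honours SANs from the CSR.

```shell
#!/bin/sh
# Added example: wildcard CSR generation and verification with openssl.
# Domain, file names and function names are placeholders for illustration.

# Runs in a subshell so the restrictive umask does not leak to the caller.
make_wildcard_csr() (
    domain="$1"; outdir="$2"
    umask 077   # private key is created readable by its owner only
    # In a config file the asterisk is literal; on a command line it would
    # have to be quoted so the shell does not expand it as a glob.
    cat > "$outdir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = *.$domain
[ext]
# A wildcard does not match the bare domain, so it is requested separately
# (assumption: the CA copies SANs from the CSR).
subjectAltName = DNS:*.$domain, DNS:$domain
EOF
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$outdir/wildcard.key" -out "$outdir/wildcard.csr" \
        -config "$outdir/req.cnf" 2>/dev/null
)

# Print the subject line of a CSR (should contain CN=*.<domain>).
csr_subject() { openssl req -in "$1" -noout -subject; }

# Print the DNS names requested in the CSR's subjectAltName extension.
csr_san() { openssl req -in "$1" -noout -text | grep 'DNS:'; }

# Succeeds only if the private key and the CSR carry the same public key.
key_matches_csr() {
    k=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256)
    c=$(openssl req -in "$2" -noout -pubkey | openssl dgst -sha256)
    [ "$k" = "$c" ]
}

# Usage (constructed):
#   dir=$(mktemp -d) && make_wildcard_csr example.com "$dir"
#   csr_subject "$dir/wildcard.csr"; csr_san "$dir/wildcard.csr"
#   key_matches_csr "$dir/wildcard.key" "$dir/wildcard.csr" && echo "pair OK"
```

Note that the CSR contains no host or IP binding, which is why the issued certificate can be installed on several servers; the same private key must then exist on each of them.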