Sadly, I don't understand SSL certificates as well as I should. I have often performed the steps in tutorials wherein I create a Certificate Signing Request (CSR) but I have never seen any such tutorial about how to create a certificate that works for multiple domains. The process I've seen for creating certs involves creating a CSR which prompts you for your domain and you can enter one alternate/alias for your domain.Q1: Does anyone know how to create a CSR for multiple domains -- e.g., domain.com, www.domain.com, store.domain.com, www.store.domain.com, etc.).

I've been told by some folks that it is not possible to get a cert for multiple subdomains but i know that strictly speaking this is not true. Q2: Are there are any inherent limitations for SSL certs as far as the number of domains that may be secured?.

Having searched around a bit, I see that all kinds of companies are happy to sell wildcard certs for really exorbitant prices and I've also seen them as low as $199 from rapidssl. I'm wondering what a reasonable price is for a cert that handles a handful of domains/subdomains. Are the outrageously expensive verisign certs worth the extra money?

    GoDaddy sells their wildcard standard certificates for $199 as well, and their prices are one of the lowest. So that price seems like it's probably pretty standard or cheaper than standard.

      One of the main reasons Verisign and Thawte certificates are $500+ is that they manually check that the organisation buying the certificate is legitimate, and that it really is the one it claims to be on the application form. All GoDaddy does is look up the domain name's registration and check the contact details.

      (As a legal aside: in my jurisdiction SSL encryption is required during all financial transactions; and domain-validated certificates aren't considered sufficient. Your requirements may vary.)

      But what you're asking for is a Unified Communications (UC) certificate. They're like ordinary server-authentication certificates, but they include an extra field of "aliases" - alternate domain names.

        Weedpacket;10967401 wrote:

        But what you're asking for is a Unified Communications (UC) certificate. They're like ordinary server-authentication certificates, but they include an extra field of "aliases" - alternate domain names.

        Helpful info, Weedpacket, thanks 🙂

          Definitely helpful, Weedpacket. How do you know this stuff? I'm imagining you reading RFCs all day, pausing only to peruse applied maths journals or perhaps dance the Tango with dirty heiress from an ancient European family..

            Weedpacket has a USB 1.0 connection installed somewhere on his body; he has a decent enough income to download e-Books covering almost every academic discipline and has plugged himself into his laptop often enough to earn 7 or 8 doctorates.

            He's a genius! As a matter of fact, I spent some time today (almost back to my old pre-2005 noob pre-game junkie self) putting together a proposed poll and factoid thread where we could argue about his real identity (Alexi Sayle, Andi Gutmans, Jerry Yang, Ernest Rutherford, Anthony Wilding, Elizabeth's secret boy-toy, etc.) but I decided I didn't want to have to spend so much time making it worthy (semantics, humor, factually accurate details) for him to read, or doing a similar post for the rest of us that have more than 2K posts....

              Write a Reply...