1

I am hosting multiple websites on my Mac Mini server (latest version). For some reason OS X server does not support multiple SSL certificates well for websites, and after hours on the phone with Apple enterprise support, I have given up and I'm now looking to get this accomplished with one certificate, if possible.

I have two domains:

example.com
phl.anotherexample.network

I would like to, with one certificate, secure:

example.com
*.example.com
phl.anotherexample.network
*.phl.anotherexample.network

I am assuming I need some sort of a multi domain wildcard certificate?

  • "wildcard certificates decrease the effectiveness of fraud-containment measures on the CA side" https://security.stackexchange.com/questions/8210/what-vulnerabilities-could-be-caused-by-a-wildcard-ssl-cert – Neil McGuigan Apr 23 '16 at 22:32

4 Answers

2

You can place wildcards into the Subject Alternative Name (SAN) field of a certificate, so it's entirely possible to wildcard multiple domains. There are many CAs that will issue this under a name like "multiple domain certificate".

David
  • It looks like the last 2 examples he gives, though, aren't FQDNs; they're internal networks (my assumption). I'm skeptical a SAN could cover something like 'ph1.example.network'. I assume he's trying to secure internal communication too. – Daisetsu Apr 23 '16 at 17:23
  • @Daisetsu I hope not, 'cause [`.network` is a TLD now](http://icannwiki.com/.network). – Matt Nordhoff Apr 24 '16 at 03:13
  • Why couldn't ICANN leave the TLDs alone? This is just going to cause so much confusion. I hope there's not a .lan TLD. – Daisetsu Apr 24 '16 at 03:30
  • @david When you say you can add wild cards to the SAN field, what do you mean by that? I should have clarified, the "example" in the domain names above are not the same. I'll update the question. Thanks! – Chris Schlitt Apr 24 '16 at 16:14
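To make the SAN discussion above concrete, here is an added example (not part of any answer on this page) that checks which hostnames the four SAN entries from the question would cover. It assumes the usual RFC 6125 matching rules; `san_matches` and `covered_by` are hypothetical helper names, and the sample hostnames are constructed.

```python
# Added illustration: which hostnames a certificate's SAN list covers.
# Assumes RFC 6125-style matching: a wildcard is honoured only as the
# entire leftmost label and stands for exactly one label.

# The four names from the question, as dNSName SAN entries.
SAN_ENTRIES = [
    "example.com",
    "*.example.com",
    "phl.anotherexample.network",
    "*.phl.anotherexample.network",
]


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN dNSName entry covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False  # a wildcard never spans zero or several labels
    if p_labels[0] == "*":
        # Simplification (assumption): require at least two labels to the
        # right of the wildcard, then compare those labels exactly.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected here
    return p_labels == h_labels


def covered_by(hostname: str, san_entries=SAN_ENTRIES) -> list:
    """List the SAN entries covering hostname (empty list = name mismatch)."""
    return [s for s in san_entries if san_matches(s, hostname)]


if __name__ == "__main__":
    # Constructed sample hostnames.
    for host in ["example.com", "www.example.com", "a.b.example.com",
                 "phl.anotherexample.network", "123.phl.anotherexample.network",
                 "nyc.anotherexample.network"]:
        hits = covered_by(host)
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host:35} {status}")
```

The output shows why the question lists both the bare name and the wildcard for each domain: `*.example.com` alone does not match `example.com`, and neither wildcard matches a name two levels down such as `a.b.example.com`.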
1

If I am not mistaken, you can use the letsencrypt.org service; it is automated and free, and you can then generate certificates without needing to use wildcards.

At least they are free and you do not have extra expenses and it makes things more secure.

You can create multiple sites with multiple domains associated pointing to different paths.

You can generate them by simply running their client command. I think, but I am not sure, that they also work well on Mac OS X Server.

Hugo
  • 1
    I wasn't able to test Let's Encrypt on my Mac, but I tried it for a VM on Google Cloud Platform and it worked like a charm! So easy, free, and automated I can't imagine using anything else! – Chris Schlitt Apr 24 '16 at 17:05
1

As you mentioned, you want to secure 2 domains and all their sub-domains with a single certificate.

The Comodo Multi Domain Wildcard SSL certificate is the preeminent option to meet your company's needs. With this certificate, you can secure multiple websites and an unlimited number of their sub-domains.

You should request a certificate for:

*.example.com
*.phl.anotherexample.network

Then it will secure those websites as well as all their sub-domains.

0

As per your requirement, a Multi Domain Wildcard SSL Certificate will work fine, because you need to secure two different domains and all their sub-domains. There are many certificate authorities that offer a Wildcard + SAN option, but there is no point in paying more if you are not going to add another SAN in future; as per your requirement, you just want to protect two main domains.

In this scenario, the Comodo Multi Domain Wildcard certificate will be the best choice. You will be able to secure:

example.com
www.example.com
news.example.com
*.example.com

and

phl.anotherexample.network
123.phl.anotherexample.network
456.phl.anotherexample.network
*.phl.anotherexample.network