1 |
Hello all. My question is about how to save money if I have lots of sub |
2 |
domain names that needs SSL web servers. |
3 |
|
4 |
Traditionally, if you have many different subdomains that must have SSL |
5 |
certificate, and you must have the certificate be recognized by most |
6 |
browsers (recognize means the browser does not display warning to your |
7 |
certificate, but instead trust your certificate as secure), you need to |
8 |
buy one certificate for each subdomain. This is a waste of money in case |
9 |
you have 100 web server domain names for balance purpose or whatever. |
10 |
|
11 |
Say, you have www1.company.com, www2.company.com ... www84.company.com, |
12 |
you need to pay for 84 seperate licenses. |
13 |
|
14 |
Before I make conclusion, the administators must be aware under the |
15 |
situation I mensionted above (must have SSL certificate, must display no |
16 |
warning on most user's browsers), each host (more precisely, each IP |
17 |
address) could only have one certificate installed. |
18 |
|
19 |
Many people posted helpful ideas and suggestions to my question, but in |
20 |
case that the situation is like me (must have SSL certificate, must |
21 |
display no warning on most user's browsers), the availabe choices are: |
22 |
|
23 |
1) to buy a certificate from CAs that could issue wilde card |
24 |
certificate, which is the kind of single certificate that works for |
25 |
multi-sub-domains, like *.mycompany.com |
26 |
|
27 |
As far as I know, one CA that could issue wildcard is FreeSSL |
28 |
(www.freessl.com). There are probably other issuers that could do it, |
29 |
especially the chained issuers might be able to issue wildcard |
30 |
certificates. However you need to judge if they are trust worthy from |
31 |
the size and requirement of your business. |
32 |
|
33 |
2) (as suggested by Vegard Figenschou and Billy. Use only one domain, |
34 |
one certificate, just centralize the service you need |
35 |
|
36 |
certificate for on a particular site and redirect the other sites to it, |
37 |
for the particular pages that need encryption Ie: |
38 |
|
39 |
a.mysite.com -> secure.mysite.com/a |
40 |
b.mysite.com -> secure.mysite.com/b |
41 |
c.mysite.com -> secure.mysite.com/c |
42 |
|
43 |
|
44 |
So far, I do not see other possibilities (in the situations I mentioned |
45 |
above) |
46 |
|
47 |
Sri Gupta gave some very valuable information on pricing and market |
48 |
situation: |
49 |
|
50 |
>$799 Geotrust (http://geotrust.com/web_security/truebusinessidwild.htm) |
51 |
>$449 InstantSSL (comodo chained to GTE Cybertrust) (http://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-premiumssl_wildcard.html?currency=USD®ion=North%20America&country=CA) |
52 |
>$449 Digicert (digicert chained to GTE Cybertrust) (http://www.digicert.com/wildcard-ssl-certificates.htm) |
53 |
>$299 Freessl (freessl chained to UTN USERFirst-Network) (http://www.freessl.com/chainedssl/chainedssl_wildcard.html) |
54 |
> |
55 |
>There are more. The GTE/UTN chained certs should work in IE 5.0 and up, the |
56 |
>geotrust cert should work in anything newer than netscape/ie 4. |
57 |
>If you're getting a chained cert, might as well get the cheap one. |
58 |
>If you need compatibility, get the geotrust one. |
59 |
> |