| 1 |
Hello all. My question is about how to save money if I have lots of sub |
| 2 |
domain names that needs SSL web servers. |
| 3 |
|
| 4 |
Traditionally, if you have many different subdomains that must have SSL |
| 5 |
certificate, and you must have the certificate be recognized by most |
| 6 |
browsers (recognize means the browser does not display warning to your |
| 7 |
certificate, but instead trust your certificate as secure), you need to |
| 8 |
buy one certificate for each subdomain. This is a waste of money in case |
| 9 |
you have 100 web server domain names for balance purpose or whatever. |
| 10 |
|
| 11 |
Say, you have www1.company.com, www2.company.com ... www84.company.com, |
| 12 |
you need to pay for 84 seperate licenses. |
| 13 |
|
| 14 |
Before I make conclusion, the administators must be aware under the |
| 15 |
situation I mensionted above (must have SSL certificate, must display no |
| 16 |
warning on most user's browsers), each host (more precisely, each IP |
| 17 |
address) could only have one certificate installed. |
| 18 |
|
| 19 |
Many people posted helpful ideas and suggestions to my question, but in |
| 20 |
case that the situation is like me (must have SSL certificate, must |
| 21 |
display no warning on most user's browsers), the availabe choices are: |
| 22 |
|
| 23 |
1) to buy a certificate from CAs that could issue wilde card |
| 24 |
certificate, which is the kind of single certificate that works for |
| 25 |
multi-sub-domains, like *.mycompany.com |
| 26 |
|
| 27 |
As far as I know, one CA that could issue wildcard is FreeSSL |
| 28 |
(www.freessl.com). There are probably other issuers that could do it, |
| 29 |
especially the chained issuers might be able to issue wildcard |
| 30 |
certificates. However you need to judge if they are trust worthy from |
| 31 |
the size and requirement of your business. |
| 32 |
|
| 33 |
2) (as suggested by Vegard Figenschou and Billy. Use only one domain, |
| 34 |
one certificate, just centralize the service you need |
| 35 |
|
| 36 |
certificate for on a particular site and redirect the other sites to it, |
| 37 |
for the particular pages that need encryption Ie: |
| 38 |
|
| 39 |
a.mysite.com -> secure.mysite.com/a |
| 40 |
b.mysite.com -> secure.mysite.com/b |
| 41 |
c.mysite.com -> secure.mysite.com/c |
| 42 |
|
| 43 |
|
| 44 |
So far, I do not see other possibilities (in the situations I mentioned |
| 45 |
above) |
| 46 |
|
| 47 |
Sri Gupta gave some very valuable information on pricing and market |
| 48 |
situation: |
| 49 |
|
| 50 |
>$799 Geotrust (http://geotrust.com/web_security/truebusinessidwild.htm) |
| 51 |
>$449 InstantSSL (comodo chained to GTE Cybertrust) (http://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-premiumssl_wildcard.html?currency=USD®ion=North%20America&country=CA) |
| 52 |
>$449 Digicert (digicert chained to GTE Cybertrust) (http://www.digicert.com/wildcard-ssl-certificates.htm) |
| 53 |
>$299 Freessl (freessl chained to UTN USERFirst-Network) (http://www.freessl.com/chainedssl/chainedssl_wildcard.html) |
| 54 |
> |
| 55 |
>There are more. The GTE/UTN chained certs should work in IE 5.0 and up, the |
| 56 |
>geotrust cert should work in anything newer than netscape/ie 4. |
| 57 |
>If you're getting a chained cert, might as well get the cheap one. |
| 58 |
>If you need compatibility, get the geotrust one. |
| 59 |
> |
Archives