I would like to have a single webserver with a single certificate that hosts the following domains:
- onenameofthecompany.com
- othernameofthecompany.com
- www.onenameofthecompany.com
- www.othernameofthecompany.com
- bla.onenameofthecompany.com
- bla.othernameofthecompany.com
- ...
In theory, I could create a certificate with the following characteristics:
- Subject contains (*.)onenameofthecompany.com
- SubjectAlternateName contains:
  - onenameofthecompany.com
  - othernameofthecompany.com
  - *.onenameofthecompany.com
  - *.othernameofthecompany.com
I tested this setup with and it seems to be working in a recent version of Firefox and IE8.
Questions:
- Should I expect client compatibility problems with this setup? Any known issues with e.g. IE6 or other older browsers?
- Should I put *.onenameofthecompany.com or simply onenameofthecompany.com in the Subject field of the certificate? (I know that in theory, when SubjectAlternateNames are present in a certificate, the browser should ignore the subject; in practice, I wish I knew what happens.)
- Are there any widely-trusted CAs who could create such a certificate for me?
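The name layout proposed in the question can be checked against the matching rules of RFC 2818 and RFC 6125. The sketch below is an added example, not the asker's code or any browser's implementation; the function names are hypothetical, and it assumes the strict behaviour where `*` is honoured only as the whole leftmost label and the Subject CN is ignored once any SAN dNSName is present. Older clients may deviate from these rules.

```python
# Added example: hostname-vs-certificate matching per RFC 2818 / RFC 6125.
# The SAN list is the one proposed in the question; the matcher is a sketch
# under the assumptions stated above, not a browser's real implementation.

SUBJECT_CN = "*.onenameofthecompany.com"
SAN_DNS = [
    "onenameofthecompany.com",
    "othernameofthecompany.com",
    "*.onenameofthecompany.com",
    "*.othernameofthecompany.com",
]


def pattern_matches(pattern, host):
    """Match one dNSName pattern; '*' counts only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label, so it matches neither the
        # apex domain nor names two levels down. "*.com" is refused outright.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def matching_entry(host, san_dns, subject_cn=None):
    """Return the certificate name that covers host, or None.

    If any SAN dNSName exists, the Subject CN is not consulted at all.
    """
    candidates = san_dns if san_dns else ([subject_cn] if subject_cn else [])
    for pattern in candidates:
        if pattern_matches(pattern, host):
            return pattern
    return None


def coverage(hosts, san_dns, subject_cn=None):
    """Map each hostname to the certificate entry that covers it (or None)."""
    return {h: matching_entry(h, san_dns, subject_cn) for h in hosts}


if __name__ == "__main__":
    hosts = ["onenameofthecompany.com", "www.othernameofthecompany.com",
             "bla.onenameofthecompany.com", "a.bla.onenameofthecompany.com"]
    for host, entry in coverage(hosts, SAN_DNS, SUBJECT_CN).items():
        print(f"{host:35} -> {entry or 'NOT COVERED'}")
```

Under these rules the bare domains are covered only because they are listed explicitly next to the wildcards, and a name such as `a.bla.onenameofthecompany.com` is not covered by any entry.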
I believe what you need is a SAN SSL Certificate (Subject Alternative Name). For instance, VeriSign has it: http://www.verisign.com/ssl/buy-ssl-certificates/specialized-ssl-certificates/san-ssl-certificates/
Also, I heard about http://www.cacert.org/, which is a community that issues free certificates to you, but I have no experience with it. It might be worth a shot, though.
HTH!
It has always been possible to include multiple wildcards in a SN/SAN, but the majority of browsers added support for them in the last few years (around the time this question was originally asked). Now, you should have little trouble finding a Certificate Authority that will issue such a certificate, and most clients should accept it.
I would suggest checking GeoTrust True Business ID with Multi Domain, which would work perfectly for you. Though it does not let you add a wildcard in the SAN certificate, you can add up to 25 domains, and they are all protected by a single SSL certificate.
You can check it at the following URL:
https://www.thesslstore.com/geotrust/true-businessid-multi-domain.aspx
Gaurav Maniar MCP | MCSE | MCST | MCITP | ITILv3 Certified
I wouldn't use wildcard certificates at all, as they can facilitate an SSL man-in-the-middle attack.
However, if you still want to:
IE6 apparently had some issues dealing with these.
Try different configurations with either a self-issued certificate authority or CACert. You will see what is the best between *.yoursite.com and yoursite.com with SAN.
Take a look at this page. It shows that all major certificate providers (Comodo, DigiCert, Thawte...) can provide wildcard certs.
I've been in shops that use Digicert for this very exact thing. Check out their WildCard plus certs.