I am running three sites through one load balancer (and 2 child-application servers)
One of the site's has an SSL certificate, but I'd like to add a certificate for the other two sites
What is my best route here?
I've found a huge variety of certificates out there, and am a bit confused
I've seen some that are wildcard (eg. limitless subdomains secured for one domain), and some that are multi-domain (eg. up to 100 domains under the one certificate)
Is there a certificate that handles both cases?
Or could I use a multi-domain one to handle subdomains as if it were a wildcard (each site only has 3 or 4 subdomains I need protected)
Would love some guidance here
Link to any articles dealing with this would be appreciate too
I'd suggest one certificate per site (that way you can easily add a fourth site, or remove one of the existing, without touching the certs of the others).
Whether you want a wildcard for each site, or a multidomain which lists all possible subdomains depends on your setup.
If everything is in one location (EC2), wildcard is probably the cheaper and easier way w/o giving up security.
If you host stuff (for the same domain) in different locations (EC2 and own datacenter), I'd suggest multi-domain certs for every location. That way if one of the locations gets compromised, they cannot impersonate the other location (which would be possible with the wildcard cert or one multidomain listing all services of that domain).
Here's an interesting solution:
Source: http://web.archive.org/web/20150516202333/http://elwoodicious.com/2009/12/23/using-elb-to-serve-multiple-domains-over-ssl-on-ec2-for-giggles
In my own case, I just created small instance with Nginx. No problem with traffic yet. Flexible configuration. Costs within budget.
If you have subdomains, use wildcard package.