I bought a plain ole SSL cert for mydomain.com. I also want to secure www.mydomain.com and mail.mydomain.com, which both map to the same server. Is this possible?
I'm trying to avoid having to buy a wildcard SSL as it costs $200 when all I really need is two subdomains.
Yes, you should be able to buy a "multidomain" certificate that lists both
example.comandwww.example.comin the subjectAltName. If your SSL provider can't / won't provide you with a multidomain certificate, find another provider. Be warned: like all SSL certificate things, they're a monster freaking scam, and you'll want to steel yourself for the price hike for adding a second related name to a certificate... it's freaking ridiculous.Oh, one thing: I recently noticed that one of the companies we resell certs from automatically provides certificates for
example.comwith thewww.example.comaltname built-in, for no extra cost. I'd never seen it before, but someone's doing it, so it might be worth looking around.Sure, I don't see why a CA won't sign one for enough money.
I think the real question is can you support multiple SSL certificates? You can only use 1 SSL certificate per IP, not hostname.
You say you have multiple hostnames pointing to the same machine, in order for each subdomain to have a separate SSL certificate - each subdomain needs to be on a separate IP.
Will the CA be willing to "lump" all the domains into a single certificate so you can serve the same certificate for multiple domain names? I can't think of one, but it can be done.
Wildcard certs are actually a newer concept than certs which are limited to just a few domains.
You might even be able to get a single cert which has both listed, but it depends on the application to accept this without warning about it.
When the cert authority makes a CERT they can define multiple domains or subdomains.
You can view the details of your cert and look under Subject Alternative Name to see if your cert supports multiple names.
The base name and the www name are typically included. You can ask the cert authority to reissue the cert with more sub domains, or buy specific ones.
Seems like at ~$10/year, you could get a single SSL cert for each (sub)domain you wish to support. Traditionally, each SSL host required a distinct IP address due to SSL's connection setup sequence, but I hear that Server Name Indication support (http://en.wikipedia.org/wiki/Server_Name_Indication) can be used in servers like Apache and nginx to provide "virtual hosting for HTTPS" via one IP address. The hangup will be in your user's browser... older one's like IE6 don't well support SNI.