I would like to have only one secure socket layer certificate for all the sub domains created under that domain. Is there any way to achieve this other than wildcard secure socket layer.
I think only way is *.domain.com and which is provided by wildcard certificate
http://en.wikipedia.org/wiki/Wildcard_certificate
You can either use *.domainname.com(wildcard) or xyz.domainname.com(single domain) and just add other as subdomains or FQDNs as SANs eg: SANs (abc.domainname.com, mydomain.com)
Related
I have one ELB with www.example.com
and another with dev.example.com
I have created separate certificates for both including wildcards and www in Certificate Manager.
Both certificates are verified and issued.
But SSL on www.dev.example.com is not working.
When I check the certificate in Mozilla/Chrome it shows the alt DNS to be example.com, www.example.com, and *.example.com but that's a different certificate which I have not assigned to the listener of ELB of dev.example.com
Any help to make it work?
Wildcards only work at one level. You would need to add *.dev.example.com to the certificate in order for it to work with www.dev.example.com.
SSL Certificate is already enabled on my main domain but now I want to enable SSL on my subdomain too, So how can I enable on my subdomain, I am using AWS services.
If you're wanting to generate an SSL for your subdomain you will need to go through the ACM process again in the region(s) you're operating in.
When you specify the domain for the certificate you can either specify an absolute subdomain (foo.example.com) or specify a wildcard domain (*.example.com).
Once you have specified this you will need to go through the standard validation approach to have the certificate approved.
As an additional point going forward, AWS supports adding multiple domains to a single certificate so you could add the root domain (example.com) and the wildcard subdomain (*.example.com) to the same certificate which would allow you to use the same certificate.
No, it is not possible to edit an existing certificate to add more domains or a sub-domain of an already existing domain on an ACM certificate.
In case you wish to obtain a certificate for a new domain or sub-domain you can either have two separate certificates for the domain and sub-domain or delete the older certificate and request a new certificate with both the domain and sub-domain on the certificate.
A single certificate can hold domain.com & *.domain.com. Also the same certificate can also have domain1.com & *.domain1.com
Source https://forums.aws.amazon.com/thread.jspa?messageID=931119
I am looking for some advice as how to most cost efficiently setup SSL for a subdomain e.g https://images.example.com.
Images are hosted in AWS S3 and I have a cloudfront distribution pointing to that bucket.
I have purchased a single domain SSL cert from Comodo and successfully added it to my cloudfront distribution. That part was easy as pie.
However, when loading images on the subdomain I get a "Not secure / certificate invalid" in the browser bar.
Is this because I require a wildcard SSL cert?
I have not tested that the SSL cert works on the main domain. Reason being there is currently a production site that I don't want to interfere with.
Before I rush out and purchase a much more expensive wildcard SSL cert, I want to make sure it is required.
I have a single subdomain for image hosting. I don't expect to ever ad more subdomains. What if I just purchase two single domain certs?
What are my options?
Try using ACM (https://aws.amazon.com/certificate-manager/ ) to issue an AWS issued wildcard certificate for your domain and use that instead?
As to why your existing cert won't work - does it have the domain in the cert (eg images.domain.com) as either the primary domain or as a SAN? If not, it won't work.
If you don't want to use a wildcard, you can use an ACM cert (or a cert you purchase from somewhere else) and issue it for the domain subdomain only? You don't have to use a wildcard but from a cost point of view if you are purchasing them, its often more cost-effective (although there are of course security concerns to consider). If you are using ACM, the certs are free - either domain specific or wildcard.
AWS Certificate manager isn't allowing me to add a 2 level wildcard domain name, which would match x.a.example.com, y.b.example.com etc.
Is there a workaround for this? (instead of creating *.a.example.com, *.b.example.com etc)
Source: http://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
Wildcard Names ACM allows you to use an asterisk (*) in the domain name to create an ACM Certificate containing a wildcard name that can
protect several sites in the same domain. For example, *.example.com
protects www.example.com and images.example.com.
Note: When you request a wildcard certificate, the asterisk (*) must
be in the leftmost position of the domain name and can protect only
one subdomain level. For example, *.example.com can protect
login.example.com and test.example.com, but it cannot protect
test.login.example.com. Also note that *.example.com protects only the
subdomains of example.com, it does not protect the bare or apex domain
(example.com). However, you can request a certificate that protects a
bare or apex domain and its subdomains by specifying multiple domain
names in your request. For example, you can request a certificate that
protects example.com and *.example.com.
Unfortunately this is not possible/supported.
You can have Subject Alternative Names or SANs in the certificate for named domains: https://geekflare.com/san-ssl-certificate/
Certificate Signing Request or CSR generation would be something like this:
openssl req -new -key my.key -out my.csr -subj "/CN=*.domain.com" -addext "subjectAltName=DNS:one.complex.domain.com,DNS:completely.another.domain.com"
More details here: https://stackoverflow.com/a/16127802/339052
For those who are having issues for multiple sub domain in their certificate.
Source: https://aws.amazon.com/premiumsupport/knowledge-center/associate-ssl-certificates-cloudfront/
You can't associate more than one SSL or Transport Layer Security (TLS) certificate to an individual CloudFront distribution. However, certificates provided by AWS Certificate Manager (ACM) support up to 10 subject alternative names, including wildcards. To enable SSL or HTTPS for multiple domains served through one CloudFront distribution, assign a certificate from ACM that includes all the required domains.
To use your own SSL certificate for multiple domain names with CloudFront, import your certificate into ACM or the AWS Identity and Access Management (IAM) certificate store. For instructions, see Importing an SSL/TLS Certificate.
We want to secure the connection between all our internal servers, as well as from outside.
A basic diagram in AWS is:
As I have never installed SSL before, I don't know whether I really need a wildcard certificate, *.domain.com, or just a single certificate installed in the load balancer domain.com would be enough.
You need a certificate which matches all the domains you use. example.com only matches example.com but neither www1.example.com nor www2.example.com. This means you need either a certificate containing a wildcard for *.example.com or a certificate including both names you need to match as subject alternative names.