SSL for subdomain

[pceinc]

I have a client with a 2008r2 server that needs an SSL for the hostname of the server. The website domain is hosted elsewhere and does not require an SSL. This is what I have.

serverhostname.domain.com - Need SSL for this domain which resides on 2008r2 server
domain.com - Don't need SSL for this domain hosted on another server

Basically the subdomain is being used for a com link between a billing portal app and the billing portal API. I thought I could just get the basic SSL cert from Godaddy but apparently that applies to the parent domain only. There are no other sites hosted in IIS on the server other than the default. I've tried setting the common name in the SSL request to serverhostname.domain.local but the SSL verification still did not pass for the subdomain.

I have no problem doing SSL certs but have never needed to do a subdomain. Do I need to purchase a specific type from Godaddy in order to do this. I was hoping to only spend $70/$300 for an all inclusive SSL.

 

[Markverhyden]

The cert business can be kind of tricky. Each vendor will have their marketing and sales blurb on their site but it is not always clear as to exactly what you are getting.

This is from my experience having been in involved in a few purchases. At the minimum level you can buy a cert for just one domain. That means if you buy a cert for myfamousdomain.com it is only for that FQDN. It does not include myfamoussubdomain.myfamousdomain.com. Of course you can buy it just for the subdomain as well.

They have packages where you can roll in several domains. You can also purchase what, if I remember correctly, is called a wildcard or something like that. Basically it is for myfamousdomain.com and anything else - *.myfamousdomain.com. Of course that can be very expensive.

 

[TAPtech]

I am almost positive the cheap basic SSL cert from Godaddy or similar will do this, unless the current domain already has a cert from them.

If the main domain holder is using an SSL from godaddy, the godaddy system will not give you an SSL for the subdomain.

 

[TazUk]

I use RapidSSL and have used their certs for subdomains i.e. things like owa.mydomain.com

 

[pceinc]

I am almost positive the cheap basic SSL cert from Godaddy or similar will do this, unless the current domain already has a cert from them.

If the main domain holder is using an SSL from godaddy, the godaddy system will not give you an SSL for the subdomain.

I think this may be the issue. I will have to check with the client to see if they have an SSL for the parent domain used for the admin portion of the site. It's a small town municipal website. If this is the case I think my only option is to get the $300 cert package. I don't think cost is an issue as much as getting it done correctly and in a way that can easily be maintained. We maintain several other SSL's under our Godaddy account for which we also maintain the domain. I have a web developer IIS admin looking at it for me now.

 

[nightkingdoms]

You can get an SSL cert for a subdomain. I have one and that's the only thing that has a cert on there, not even the main domain is included. https://secure.x-mirror.com

The only way you can get one for the main domain and all subdomains is with a wildcard SSL cert which disregars the part before the FQDN.

The problem you might run into, though, is if this subdomain talks to another machine within your own network which may disregard the proper domain names. In which case you can just use a homebrew cert for the encryption and trust it because it's in-house.

I wasn't sure from your description whether the subdomain and the API would be internal or external.

 

[TAPtech]

You can also use a UCC cert which is good for 5 domains. This is really useful for a SBS installation- you can do sites.domain.com, servername.domain.com, servername.domain.local, etc. all with one UCC cert.