: Using wildcard certificates for multi-server deployment Currently we are deploying a beta API for our services and we want that all request/responses from the API works over https. I'm confused

@Welton855

The only problem that I've seen with wildcard certs so far is that they don't appear to have any that support EV. This is only really a concern if you want the cool browser chrome saying "hey, this site is offically OK and vertified". If you're only looking for secure transport and don't care about customer purchasing confidence, go the cheap way. Or buy EV for the www server, and wildcard for the API.

Vote Up Vote Down

@Angie530

You are correct, using a wildcard cert is a great idea in this case. It'll keep your configuration for separate domains simple, and ensure that any subdomains you decide to add will work.

There are a couple drawbacks:
- Your top level domain is not secure. As in, the certificate is not good for example.com.
- They are very expensive, normally around k.

As for 1-server-only certs, it depends on the agreement you make when you purchase the cert. Some will allow the cert to be installed on multiple servers, some will not. Also, I have no idea how or if they check that the cert is only installed on a single server. You might be able to get away with it...

Also, if you are using a load balancer, I would recommend installing the cert there, if your hardware allows it. I know the Cisco CSS series has a dedicated hardware module that handles all the encryption and decryption, saving some work for your servers.

Vote Up Vote Down