Using wildcard certificates for multi-server deployment
Currently we are deploying a beta API for our services and we want all requests/responses from the API to work over HTTPS. I'm confused about using wildcard certificates for both the api and www URLs. Is it a good idea to use a wildcard certificate for both api.example.com and example.com? Are there any inconveniences?
What about those 1-server-only certificates? I ask because I'm deploying my API on n servers with a load balancer in front.
2 Comments
The only problem that I've seen with wildcard certs so far is that they don't appear to have any that support EV. This is only really a concern if you want the cool browser chrome saying "hey, this site is officially OK and verified". If you're only looking for secure transport and don't care about customer purchasing confidence, go the cheap way. Or buy EV for the www server, and wildcard for the API.
You are correct, using a wildcard cert is a great idea in this case. It'll keep your configuration for separate domains simple, and ensure that any subdomains you decide to add will work.
There are a couple drawbacks:
- Your top level domain is not secure. As in, the certificate is not good for example.com.
- They are very expensive, normally around k.
As for 1-server-only certs, it depends on the agreement you make when you purchase the cert. Some will allow the cert to be installed on multiple servers, some will not. Also, I have no idea how or if they check that the cert is only installed on a single server. You might be able to get away with it...
Also, if you are using a load balancer, I would recommend installing the cert there, if your hardware allows it. I know the Cisco CSS series has a dedicated hardware module that handles all the encryption and decryption, saving some work for your servers.