: SSL between customer's domain having CNAME to our secured server? We're setting up a payment service -- a few pages to collect credit cards, and do other stuff that needs to be secure. We
We're setting up a payment service -- a few pages to collect credit cards, and do other stuff that needs to be secure. We would like to offer the service to customers via a cobranded page we serve that appears to be on their site using a CNAME alias from their domain to our domain. The customer doesn't have an SSL certificate. Example:
www.customer.com and other pages, like www.customer.com/about already exist.
Customer wants to use our service to accept payments
Our domain has a wildcard SSL cert, customer.com doesn't have a cert.
Customer sets up CNAME DNS record like payment.customer.com that is an alias for one of our subdomains, like customer.mycompany.com
Customer links to our pages via their alias. Credit card info is collected on payment.customer.com/payment
So the question: can we set up our SSL cert for customer.mycompany.com such that it is acceptable if the request originates from payment.customer.com (and for multiple other customers)? Browser error messages are not OK.
Thanks!
More posts by @BetL925
1 Comments
Sorted by latest first Latest Oldest Best
No. SSL certificates are implicitly tied to the domain name that they are served from. If your certificate hasn't been issued for your customer's domain then you can't use it.
There is still at least one option. If your customers are prepared to give you an SSL certificate which is valid for their domain then your server config can be set up to use that for their requests. However, this a) is at cost to them and b) requires a unique IP address for every SSL certificate (there is an alternative – SNI – which doesn't require a unique IP address per certificate but it isn't supported by IE on Windows XP)
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.