6

We have a single domain SSL for a website that looks like this:

www.website.company.com

We are going to expand and do following:

www.website.company.com
www.website.company.com/dk
www.website.company.com/no

Since it's still same domain, do we need to change anything regarding our SSL?

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
Örebro Studentcentrum
  • 165
  • 5
  • 8
    Short answer: no. – Benoit Esnard Mar 21 '16 at 13:34
  • 2
    Ask yourself a very simple question; Are SSL certificates only good for root level web pages and not for sub directories on your sites? Answer to that question is answer to your question – Hanky Panky Mar 21 '16 at 15:04
  • 2
    @HankyPanky - I think you're just restating his question, if he knew the answer to that question he wouldn't be asking here. – Johnny Mar 21 '16 at 21:32
  • 1
    @Johnny Not necessarily. The questioner seems to be thinking of `www.website.company.com/dk` and `www.website.company.com/no` as *separate websites*, which they are not. – user253751 Mar 22 '16 at 02:09
  • @immibis: Yes, I understand that, you understand that, but the author of the question apparently does not. And since he doesn't know enough about the web or how SSL certs work to make that distinction, I don't see how he's going to know the answer to HankyPanky's restating of the question. Based on his comments on the accepted answer, he thinks that the SSL cert is tied to folders on his website. Which is a reasonable misconception for someone with only a cursory understanding of what an SSL cert does, so he has a valid question. – Johnny Mar 22 '16 at 04:06
  • That's why this was just a comment and not an answer :) – Hanky Panky Mar 22 '16 at 04:11
  • @Johnny If the questioner believes `www.website.company.com/dk` is something other than a subdirectory, then Hanky Panky's question is ***not*** the same, because it is about subdirectories. (And because it's not the same, perhaps the questioner can answer it, even though they can't answer the question they asked) – user253751 Mar 22 '16 at 04:14

2 Answers2

11

Since it's still same domain, do we need to change anything regarding our SSL?

Since the domain is the same and paths are not stored in the certificate, you can continue using your old certificate.

Even if dk and no is folder names in our IIS virtual folder?

The internal configuration does not matter here (the client verifying the certificate does not know anything about it anyway), as long as the web server delivers both sites under the same domain name (which is what you described).

If you'd use subdomains, things might change (if you haven't got a wildcard certificate, which is not the common case and not best practice). So if you'd be using dk.website.company.com and no.website.company.com, you would either need a wildcard certificate for *.website.company.com or a certificate matching all that domains (also consider www.website.company.com in this case).

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
6

You're fine. A TLS certificate validates the server machine (or host machine), not the page or folder.

For example, all of *.stackexchange.com shares a single certificate. By inspecting the cert for this page in Chrome:

Issued to: ssl333133.cloudflaressl.com
Subject Alternative Names: DNS Name=ssl333133.cloudflaressl.com
                           DNS Name=*.stackexchange.com
                           DNS Name=stackexchange.com

If you wanted to add more host machines each with a different domain name, for example:

server1.website.company.com
server2.website.company.com
...

then you might have to look at either getting more certificates, or getting a wildcard cert (*.website.company.com). For your question: yes, you can add as much content as you want to the same host machine without needing to change your certificate.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207