I have a plan to buy a SSL certificate for my domain. I don't have much budget so I decided to buy standard SSL with no support for sub-domains. I have a WCF web-service that works on sub-domain. This WCF service is consumed by the website on the main domain. So, I want to ask that if I add a SSL certificate to main domain, will sub-domain will be effected by it? I mean it is compulsory for both to have SSL for both to work properly?
Asked
Active
Viewed 1,103 times
1 Answers
2
SSL and certificates don't actually know what a "domain" is.
When a client (e.g. Web browser, or an application which calls a Web service) connects to a SSL server, it will look at the server's certificate (as sent by the server itself) and will accept it only if the certificate contains the intended server name. If the client wants to talk to https://www.example.com/foo.html, then the client will require that the certificate contains www.example.com.
A "domain certificate" is a fancy name for a certificate which contains the name *.example.com, also known as wildcard certificate. The client will consider it as good enough if the intended server name is anything.example.com for any value of anything.
No part the whole thing has any awareness of the "domain" as a whole. Server foo.example.com will not mind that bar.example.com uses or does not use SSL, regardless of any certificate contents; and any client connecting to foo.example.com will be interested only in what it finds in the certificate sent back by that server; and it will be interested only in whether foo.example.com appears as a name in the certificate, as such or under the guise of a wildcard name.
Tom Leek
- 168,808
- 28
- 337
- 475
-
So that means foo.example.com if does not uses SSL and if website at example.com uses this foo.example.com as web service and example.com is SSL secured, so this will not effect the working of web service? – Aishwarya Shiva Oct 03 '13 at 20:39