domain mapping and ssl for shared website

Question

I'm not very familiar with domain mapping and ssl, so I'm trying to figure this out.

basically, I have an asp.net mvc app which is being hosted at a primary domain. Additionally I want other domains to point to it, like google apps, or wordpress, but the site will show custom view based on the domain.

if we use ssl for login, how will that work if other domains map? basically we want a single ssl certificate from our site to work for any site mapped to our domain via mx records, or cname or whatever it is.

is that possible, or would a new ssl need to be obtained for each domain mapping?

thanks!

Answer 1

There several ways to accomplish this. You could get a UCC cert that includes all the domains you'll use. If those domains change on a common basis however, it'd be too much trouble. At this point you'll either want a different IP per domain, or you'll have to host them on different Ports (which can lead to all kinds of fun). Alternatively, you could redirect example.com to a single hosting site hostexample.com/my_web_app?example.com. This would allow you to have a single cert for hostexample.com; but users couldn't type https://example.com, as it doesn't have it's own cert.

There's tons of other people who have been in this same prediciment, if you search this site for UCC or Multiple SSL and it should turn up plenty.

Answer 2

My solution to this was to buy a wildcard *.example.com cert, then each client receives their own subdomain: joe.example.com bob.example.com and so on. Note that *.example.com doesn't match example.com, most wildcard cert sellers will create a UCC certificate that lists both *.example.com and example.com, but check and be sure.

Since SSL is based on the hostname the browser uses to reach your server, if you allow people to make up whatever hostnames they like and point them at your site, you'll need to buy certificates for every hostname they think of, then use SNI so that the browser can get the correct certificate.