[Help] About SSL for a domain mapping with wildcard domain

Hello all,

I had a domain which I mapped with a wildcard domain.
Example: I had example.com mapped with example.company.com.au.
Now I set SSL for example.company.com.au with an SSL key from Let's Encrypt in the conf file.

Question:

  1. Do I have SSL for example.com if I set SSL for example.company.com.au?
  2. I have over 100 domains, and I map them with over 100 wildcard domains in a conf file. I buy a wildcard certificate key from a third company which I can use for over 100 domains. I set this key in the conf file. Do I have SSL for the 100 domains when I use the URL example.com?

Thank you.

If I understand your question correctly, the answer to both questions is no. Wildcards don't cover the base domain, only subdomains; certificates for the base domain don't cover subdomains.

For example, a certificate for *.example.com does not cover example.com, while a certificate for example.com does not cover foo.example.com.

As you probably know, Let's Encrypt doesn't issue wildcard certificates yet, but will start in January. If you need wildcard certificates before then, you should probably get them from a different CA.

With Let's Encrypt's current service, you must explicitly list all of the names that you want to be covered by your certificate. You can have 100 names per certificate, but if you need to cover more names than that, you can get more than one certificate (up to 20 new ones per week). When most clients connect, they send the SNI extension to indicate what server name they expect, and most web server applications can choose the correct certificate based on that information.
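The matching rule from the answer above, together with SNI-based certificate selection, as an added example that is not part of the original posts. The function names, certificate labels and inventory are constructed for illustration. The example also goes one step beyond the post by showing that a wildcard covers exactly one label, and preferring exact names over wildcard names is this example's own choice.

```python
# Added example (not from the thread): certificate name matching and
# SNI-based selection. Simplified from the RFC 6125 rules TLS clients apply.

def name_matches(pattern, hostname):
    """True if a certificate dNSName entry covers the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h or "*" in hostname:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label, so it covers
        # neither the base domain nor deeper subdomains.
        return len(p) > 1 and p[1:] == h[1:]
    return p == h


def select_certificate(certs, sni):
    """Return the label of the certificate covering the SNI name, or None.

    certs maps a label to that certificate's list of names. Exact entries
    win over wildcard entries (a choice made for this example). None means
    no certificate covers the name, so a browser would report a mismatch.
    """
    wildcard_hit = None
    for label, names in certs.items():
        for name in names:
            if not name_matches(name, sni):
                continue
            if not name.startswith("*."):
                return label
            wildcard_hit = wildcard_hit or label
    return wildcard_hit


def uncovered(hostnames, certs):
    """List the hostnames that no configured certificate covers."""
    return [h for h in hostnames if select_certificate(certs, h) is None]


# Constructed inventory using the names from the thread.
CERTS = {
    "company-wildcard": ["*.company.com.au"],
    "customer-names": ["example.com", "www.example.com"],
}

if __name__ == "__main__":
    for host in ["example.company.com.au", "example.com", "foo.example.com"]:
        print(host, "->", select_certificate(CERTS, host))
```

Running `uncovered()` over the full list of hosted names shows which ones still need to be added to a certificate before they are served over HTTPS.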

Now, I have example.com mapped with example.company.com.au. Where do I put the SSL key for example.com? If I put it in the conf file of example.company.com.au, does example.com have it?
Thanks, Schoen.

Hi Schoen,
Sorry about my stupid question, I don’t have good knowledge of SSL.
I still have an issue with the domain and the wildcard domain when I map them.

I know that when I set SSL for the wildcard domain example.company.com.au, the domain example.com is not affected.
We must set up SSL for example.com too, but I have over 100 domains, and it will increase in the future.
I cannot buy a CA and set it up for each domain, so I want to ask a question:

Do I have a solution for it? I can buy a CA key and set it up on the server, and it will be the CA for all domains (from Let's Encrypt or any company).

Thank you, Schoen.

If you were doing this for internal, private use (only within your organization), you can simply create your own internal CA and then make all of the machines inside your organization trust that CA. However, that solution isn't applicable if you're doing public web hosting which is meant to be used by people outside of your organization.

Certificate authorities are mostly not allowed to delegate the power to you to make arbitrary certificates. There is a special case if the certificates that you need are all subdomains of one single domain, like at a university; then you can sign a contract with certain CAs that designates you as a registration authority (RA) for that domain and then they will believe your requests about whatever certificates you want to issue for those subdomains. There are apparently ways for ISPs and CDNs to get a broader version of this power but I don't know how that works bureaucratically or administratively.

Much of the point of Let's Encrypt is that it's supposed to be automated, whenever possible. For example, there are some organizations that literally have hundreds of thousands of certificates from Let's Encrypt. They are using databases and scripts to manage all of the issuance, configuration, and renewal. So for example, I believe they have database records tracking all of the domain names that they need certificates for, and the status of each certificate. When a new certificate is needed, a software application requests it automatically without any human intervention. This is a fully supported use case. The key idea is that computer software should do the work, rather than a human being doing it. In that case, hundreds of domains may not be a problem because that is a small number to a computer, even if it is a big number to a human.

Explain that in a different way, please.

Assume you have the following domains

example.com

completelydifferent.com

and under these you have the following subdomains

mail.example.com
www.example.com
vpn.example.com

mail.somethingelse.com
vpn.somethingelse.com
www.completelydifferent.com

I have over 100 domains and I mapping with over 100 wildcard domain in a conf file

Once again, this doesn't really make sense: why are you mapping, and what do you mean by mapping?

Try to avoid using words like wildcard unless you are sure of their use, as they mean a very specific thing in SSL.

Andrei
