Multiple alternative names

Hi Guys,
I got cert however my domian is one of MANY alternative names in this certificate. I’m not the owner of other websites defined in Alternative Name.

Why I got such certificate?
Do I have the same private key for cert as other Alternative Names websites owners?
Is it possible to decrypt my traffic by othey gusy ? (Guys with domain defined in Alternative Names as they have the same certificate)


In short, Yes.
But probably not possible.

Technically, yes. But do you really have access to the private key file?

This depends entirely on your HSP and your hosting plan.
Most likely a "shared" plan; one that uses cPanel to "separate" the many users.
Or maybe you are using a CDN service (like CloudFlare) and you are seeing their cert which contains many domains.

I’m assuming this certificate was issued by a hosting provider, rather than one you requested yourself through something like certbot or

If that’s the case, you’re fine. Some hosting providers aggregate many customers’ domains onto a single certificate for various reasons. (Fewer certs to manage, keep in memory, etc.) Yes, your domain uses the same public key as these other customers, but it doesn’t impact your security because they, like you, don’t have access to the private key. It’s no less secure than if the host used a single cert per customer.

Hi @Bildos2

what's your domain name?

Cloudflare creates a lot of such certificates with many different domain names.

Same is possible if you use a hosting service with an automated Letsencrypt support.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.